Responsibilities and Accountabilities:

· Design, implement, and manage enterprise IAM solutions using Microsoft Entra ID, including Identity Governance (IGA/JML), Entra ID Protection, Conditional Access, MFA, SSO, and CyberArk.

· Own and operate Joiner‑Mover‑Leaver (JML) lifecycle management using Entra ID Governance features to ensure timely and secure access provisioning and deprovisioning.

· Configure and manage Entra ID Identity Governance capabilities such as access packages, lifecycle workflows, entitlement management, and access reviews.

· Design, deploy, and enforce Entra Conditional Access and risk‑based policies using Entra ID Protection, aligned with Zero Trust principles.

· Lead implementation and support of SSO integrations, MFA, and adaptive authentication across cloud and on‑prem applications.

· Perform hands‑on administration and operational support for Active Directory, Entra ID (Azure AD), Identity Governance, Identity Protection, and CyberArk platforms.

· Troubleshoot and resolve complex authentication and access issues across Conditional Access, SSO, JML/IGA processes, CyberArk, and On‑Prem AD.

· Configure and maintain CyberArk CPM and PSM components to support privileged access use cases.

· Execute access reviews, certification campaigns, and RBAC reviews to meet governance, audit, and compliance requirements.

· Monitor and resolve IAM‑related incidents and service requests within defined SLAs, driving stability and security of IAM platforms.

· Drive automation, process optimization, documentation (SOPs), cross‑team collaboration (HR/IT/Security), audit support, and continuous improvement through awareness of Microsoft Entra enhancements and IAM best practices.

Required Qualifications:

· 13–15+ years of hands‑on experience in Identity and Access Management (IAM) and Privileged Access Management (PAM) within enterprise environments.

· Strong practical experience with IAM/PAM platforms, including Microsoft Entra ID, CyberArk, and Azure SSO.

· Demonstrated hands‑on expertise in:

o CyberArk Core PAS: Vault, CPM, PVWA, PSM

o Microsoft Entra ID (Azure AD): Conditional Access, Identity Protection, and Identity Governance (JML, access reviews)

o Identity and authentication technologies: Active Directory, LDAP, SAML, OAuth 2.0, OpenID Connect

o Scripting and automation using PowerShell and/or Python to improve IAM operations

o Cloud and hybrid environments, including Azure, AWS, and GCP

o ITSM tools (e.g., ServiceNow) and incident / service‑request handling

· Strong experience collaborating with HR, IT, Security, and application teams to support identity lifecycle (JML) and access governance processes.

· Strong analytical and troubleshooting skills with attention to detail and an engineering mindset.

· Effective verbal and written communication skills, capable of working with both technical and non‑technical stakeholders.

Preferred Qualifications:

· Strong knowledge of Active Directory, Azure AD (Entra ID), CyberArk, SSO, and authentication mechanisms (SAML, OAuth, OIDC).

· Understanding of IAM governance, RBAC, and compliance standards (ISO 27001, SOX, GDPR).

· IAM certifications such as below is an advantage.

o CyberArk Defender (mandatory)

o CyberArk Sentry

o CyberArk CCDE - Core PAS

o Microsoft Certified: Identity and Access Administrator Associate

· Supporting technology in healthcare industry experience is an advantage.

Hybrid policy: 2 days office work per week (mandatory)

Advacend English