AGM, Identity Governance and Administration

• Lead the implementation and operation of IGA platforms (e.g., SailPoint, Saviynt, ForgeRock) across enterprise and industrial environments 
• Define and enforce identity lifecycle policies (JML), SoD controls, certification workflows, and role-based access models 
• Manage a team of engineers and analysts across client engagements for successful IGA delivery 
• Build and execute roadmaps for access governance, recertification campaigns, identity analytics, and compliance reporting 
• Design integrations with HRMS, AD/Azure AD, ITSM, ERP, and OT domain directories and controllers 
• Drive automation of user provisioning, deprovisioning, and policy enforcement across hybrid (IT+OT) landscapes 
• Ensure all implementations align to frameworks like NIST, ISO 27001, and IEC 62443 where applicable 
• Act as a SME for internal and customer audits, IAM maturity assessments, and zero-trust readiness 
• Work closely with the Head of IDAM and collaborate with adjacent teams including PAM, CIAM, Service Delivery, and OT Security 
• Train junior team members and contribute to IGA capability development within the company 

Preferred Certifications 

• SailPoint Certified Implementation Engineer or equivalent 
• CISSP / CISM / ISO 27001 LA 
• ITIL / PMP / TOGAF (as a bonus) 

• 12 + years of experience in Identity & Access Management, with minimum 6 years in IGA platforms 
• Hands-on experience with SailPoint IIQ/Saviynt/ForgeRock IGA tools (implementation, administration, custom connectors) 
• Proven track record in delivering end-to-end IGA projects at scale (10,000+ identities) 
• Strong understanding of access governance, RBAC/ABAC, SoD frameworks, and regulatory compliance 
• Experience integrating IGA with hybrid environments (cloud/on-prem/OT) 
• Working knowledge of identity protocols: SAML, OAuth2, SCIM, OIDC 
• Knowledge of OT protocols (Modbus, DNP3, OPC-UA) or IEC 62443 is a plus 
• Excellent communication, team leadership, and client/stakeholder management skills