Specialist IS Architect – Provisioning

Career Category

Job Description

HOW MIGHT YOU DEFY IMAGINATION?

Join our team at AMGEN Capability Center Portugal, number 1 company in Best Workplaces - https://www.greatplacetowork.pt/ - ranking in Portugal (category 201-500 employees) by the Great Place to Work Institute. We have a team of over 300 talented people and more than 35 different nationalities, diverse areas of expertise and professional experience that are shaping the future of healthcare. This is your chance to explore a world of opportunities in different areas such as Cybersecurity, Data & Analytics, Digital, Technology and Innovation, Finance, General & Admin, Human Resources, Regulatory Affairs and many more. In Lisbon's city center, our AMGEN office fosters innovation, excellence, and inspiration. Come thrive with us at AMGEN, supporting our mission To Serve Patients. What we do at AMGEN matters in people’s lives.

SPECIALIST IS ARCHITECT

LIVE

WHAT YOU WILL DO

ABOUT THE ROLE

Role Description:

As a Specialist IS Architect at Amgen’s Capability Center Portugal (ACCP), you will be responsible for designing and implementing information system architectures to support business needs. You will analyze requirements, develop architectural designs, evaluate technology solutions, and ensure alignment with industry best practices, governance and standards. This role is responsible for architecting scalable and secure identity governance solutions, including the development and refinement of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models.

Roles & Responsibilities:

• Design and implement end-to-end identity provisioning workflows for users, systems, and applications.
• Develop standardized provisioning models to support joiner/mover/leaver processes.
• Ensure provisioning solutions are scalable, secure, and compliant with internal policies and external regulations.
• Provide technical and governance oversight to all provisioning projects. Serve as the technical architect in the analysis, design and implementation of all provisioning related projects and be responsible for their successful delivery while meeting the overall security and integrity of the solution.
• Lead the development and ongoing refinement of RBAC models, including role mining, role engineering, and role lifecycle management.
• Define and manage identity governance policies, including access reviews, certifications, and entitlement management.
• Integrate identity governance with provisioning and access control mechanisms.
• Experienced in managing access reviews and certifications, implementing Segregation of Duties (SoD) controls, and ensuring audit readiness through policy enforcement.
• Support governance reporting, compliance audits, and risk assessments.
• response and remediation procedures for identity-related issues.
• Collaborate with application and infrastructure teams to integrate IAM provisioning and governance tools with enterprise systems.
• Automate provisioning/deprovisioning tasks using scripting or workflow tools to improve efficiency and accuracy.
• Provide strategic guidance and technical leadership on provisioning architecture.
• Drive adoption of best practices in access control, least privilege, and zero trust principles.
• Partner with security, compliance, HR, and IT stakeholders to align provisioning capabilities with business needs.
• This position may have after hours / on call responsibilities

WIN

WHAT WE EXPECT OF YOU:

Our ideal candidate

• Degree educated in a relevant subject
• Deep understanding of identity provisioning and deprovisioning processes across hybrid environments (cloud and on-prem).
• Experience in Identity and Access Management, with a focus on provisioning architecture.
• Experience designing and implementing RBAC, ABAC, and policy-driven access models.
• Strong working knowledge of directory services (Active Directory, LDAP) and account reconciliation strategies.
• Strong knowledge of IAM technologies such as SailPoint, CyberArk, Okta, ForgeRock, or Microsoft Entra ID (Azure AD).
• Familiarity with standards and protocols (SAML, OAuth, SCIM, LDAP, etc.).
• Experience with workflow and automation scripting (e.g., PowerShell, Python).
• Understanding of regulatory and compliance frameworks (e.g., SOX, GxP).
• Excellent communication, documentation, and stakeholder management skills.
• PowerShell, Python, Java, or BeanShell (SailPoint-specific)
• Experience with IS Security
• IAM certifications such as Certified Identity and Access Manager (CIAM), Certified Information Systems Security Professional (CISSP), or equivalent.
• Experience in cloud-based access governance (AWS, Azure, GCP).
• Exposure to CIEM, PAM, or IGA platforms.

• Excellent analytical and troubleshooting skills
• Strong verbal and written communication skills

THRIVE

WHAT YOU CAN EXPECT OF US

• Vast opportunities to learn, develop, and move up and across our global organization.

•  Diverse and inclusive community of belonging, where colleagues are empowered to bring ideas to the table, take risks, and act.

• Generous Amgen Total Rewards Plan comprising healthcare, finance, wealth and career benefits.

• Flexible work arrangements.

APPLY NOW FOR A CAREER THAT DEFIES IMAGINATION

In our quest to serve patients above all else, Amgen is the first to imagine, and the last to doubt. Join us.

CAREERS.AMGEN.COM

EQUAL OPPORTUNITY STATEMENT

Amgen is an Equal Opportunity employer and will consider you without regard to your race, colour, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

We will ensure that individuals with disabilities are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.