About the role
The IAM Engineer is a senior technical expert responsible for the end-to-end implementation and management of the enterprise Identity and Access Management framework, with a core focus on Identity Governance & Administration (IGA) and Privileged Access Management (PAM). This role is not just operational; it is strategic and project-driven. A key requirement is proven experience working closely with vendors to lead the complete implementation lifecycle of an IGA solution, from selection and design to deployment and onboarding. The engineer ensures robust governance, secure authentication, and strict adherence to the principle of least privilege, acting as the crucial link between technical implementation, business policy, and vendor management.
What you will do
IGA (Identity Governance & Administration) Implementation & Management :
Lead the end-to-end implementation of an IGA platform (e.g., SailPoint, Saviynt, ForgeRock) in collaboration with the chosen vendor. This includes requirements gathering, design, configuration, testing, and deployment.
Work closely with the vendor to ensure the solution is tailored to meet specific business processes and integration needs, particularly with HR systems (e.g., Workday, SAP) for Joiner-Mover-Leaver (JML) automation.
Develop and manage access certification campaigns, Role-Based Access Control (RBAC) models, and access request workflows.
Act as the primary technical owner and administrator for the IGA platform post-implementation.
PAM (Privileged Access Management) Implementation & Management :
Implement, configure, and maintain the PAM solution (e.g., CyberArk, BeyondTrust, Thycotic) to secure, manage, and monitor privileged accounts.
Manage the vaulting, rotation, and session isolation of privileged credentials for systems, network devices, databases, and applications.
Establish and enforce policies for privileged session monitoring, recording, and auditing.
Governance, Risk & Compliance :
Work closely with Legal and Compliance teams to align IAM practices with regulations (GDPR, SOX, PCI-DSS).
Act as a primary point of contact for audits, generating detailed access reports, providing evidence of controls, and explaining technical processes to auditors.
Vendor & Stakeholder Management :
Manage the relationship and deliverables of IAM vendors, ensuring they meet project milestones, performance SLAs, and contractual obligations.
Act as a third-line escalation point for resolving complex access and authentication issues.
Collaborate with IT, HR, and business units to translate policies into technical controls.
IGA Implementation Experience (MUST HAVE) :
Must Have : Hands-on experience working directly with a vendor (e.g., SailPoint, Saviynt Professional Services) on the complete implementation lifecycle of an IGA solution.
Must Have : Proven experience in configuring and customizing an IGA platform for HR-driven provisioning (e.g., integrating with Workday, SAP), access certifications, and RBAC.
Must Have : Experience in post-implementation support and administration of the IGA system.
PAM Implementation & Management Experience (MUST HAVE) :
Must Have : Hands-on experience deploying and configuring a major PAM solution (e.g., CyberArk, BeyondTrust).
Must Have : Experience with onboarding privileged accounts, credential vaulting, and automatic password rotation.
Must Have : Knowledge of privileged session management and monitoring.
Protocols & Scripting : Knowledge of SAML, OIDC, OAuth, SCIM, and LDAP. Proficiency in scripting (PowerShell, Python) for automation and integration tasks.
Directories : Expert knowledge of Microsoft Active Directory and Azure AD.
Analytical & Soft Skills :
Vendor Management : Proven ability to manage third-party vendors, hold them accountable for deliverables, and ensure solutions meet business requirements.
Cross-Functional Collaboration : Ability to translate technical concepts for Legal, HR, and Business stakeholders.
Audit Support : Expertise in preparing for and responding to audits with precision.
Problem-Solving : Advanced troubleshooting skills for complex, cross-platform access issues.
What you will need
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
5–7+ years of direct, hands-on IAM engineering experience.
3+ years of proven, hands-on experience implementing and administering an IGA platform (e.g., SailPoint, Saviynt). This must include experience working with the vendor on a full implementation project.
3+ years of proven, hands-on experience implementing and administering a PAM solution (e.g., CyberArk, BeyondTrust).
Demonstrable experience supporting audits and managing access review campaigns.
Direct experience working with HR on lifecycle management and with IT on troubleshooting.
Relevant industry certifications (e.g., CISSP, CISM, CRISC, CISA, CGEIT, ISO 27001 Lead Auditor / Implementer, SailPoint Certified Engineer, CyberArk Certified Trustee (CCT), BeyondTrust Certified Engineer).
Direct experience supporting external audits and managing remediation plans.
Successful IGA Implementation : The successful, on-time, and on-budget deployment of the IGA solution, meeting all defined business and technical requirements.
Vendor Performance : The performance and delivery of the IAM implementation vendor and any managed services.
Privileged Access Security : The secure management, rotation, and monitoring of all privileged credentials, preventing credential-based attacks.
Audit Compliance : Providing 100% accurate and timely evidence for all IAM-related audit requests. Zero deficiencies due to IAM process failure.
Identity Lifecycle Automation : The accuracy and automation of user provisioning and de-provisioning, minimizing manual effort and access-related risks.
Talent acquisition based on Nexperia vacancies is not appreciated. Nexperia job adverts are Nexperia copyright material and the word Nexperia is a registered trademark.
D&I Statement
As an equal-opportunity employer, Nexperia values diversity not just because it is the right thing to do but because diverse teams perform better. We are dedicated to being inclusive, and a proof point of this dedication is that we were the main partner of the very first Dutch Paralympic Team NL House during the Paris 2024 Paralympic Games. Our recruitment process is inclusive and accessible to all, and we consider all applicants fairly, as well as providing a safe work environment and reasonable adjustments where requested.
In addition, we offer our colleagues the possibility to join employee resource groups such as the Pride Network Group or global and local Women's groups. Nexperia is committed to increasing women in management positions to 30% by 2030.
Management Specialist • Kuala Lumpur, Kuala Lumpur, Malaysia