IAM Specialist
RESPONSIBILITIES
Platform Management: Design, implement, and maintain Identity and Access Management (IAM) solutions across ICT systems and cloud-native identity platforms (e.g., SailPoint, Okta, Microsoft Entra ID).
Lifecycle Automation: Develop and manage automated workflows for the user lifecycle, including seamless onboarding, movement/transfers, and offboarding (JML processes).
Access Governance: Conduct regular access reviews, user attestation cycles, and SOD (Segregation of Duties) analysis to ensure compliance with corporate and regulatory standards.
Privileged Access: Implement and manage Privileged Access Management (PAM) controls (e.g., CyberArk, BeyondTrust) to secure administrative accounts and secrets.
Integration & Federation: Configure SSO (Single Sign-On) and Federation using protocols such as SAML, OIDC, and OAuth2 for internal and third-party applications.
Policy Enforcement: Define and enforce Conditional Access policies, Multi-Factor Authentication (MFA), and passwordless authentication strategies.
Directory Services: Maintain and optimize on-premises Active Directory and Azure AD/Entra ID environments, including group policy management and directory synchronization.
Security Monitoring: Monitor IAM-related logs for anomalies, unauthorized access attempts, and potential identity-based threats; support incident response during identity breaches.
API & Scripting: Use PowerShell, Python, or Java to develop custom connectors and scripts for integrating legacy ICT systems with modern IAM platforms.
Audit & Compliance: Support internal and external audits by providing evidence of identity controls, access logs, and adherence to public sector or GCC regulatory requirements.
Stakeholder Collaboration: Work closely with HR, IT Operations, and Application owners to define RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control) models.
Continuous Improvement: Evaluate and pilot emerging identity technologies, such as Decentralized Identity or Identity Threat Detection and Response (ITDR).
EXPERIENCE AND SKILLS NEEDED
Core Experience: Minimum 2 years of experience in Identity and Access Management (IAM) engineering or analysis within enterprise ICT environments.
Platform Expertise: Hands-on experience with IAM/IGA tools (e.g., SailPoint, Saviynt, Okta) and Microsoft Entra ID (formerly Azure AD).
Regulatory Knowledge: Familiarity with public sector cloud environments, GCC requirements, and data privacy laws (e.g., PDPA, GDPR) as they relate to identity.
Protocols: Deep understanding of identity protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.
Directory Services: Strong proficiency in Active Directory (AD), LDAP, and Azure AD Connect.
PAM Knowledge: Experience with Privileged Access Management (PAM) tools and managing "Just-In-Time" access is highly preferred.
Automation: Experience using PowerShell, Bash, or Python for identity task automation and API integration.
Infrastructure as Code: Experience managing identity configurations via Terraform or Bicep is an added advantage.
Cloud Security: Familiarity with cloud-native security tools (AWS IAM, Azure Policy) and Zero Trust Architecture principles.
Certifications: Professional certifications such as CIAM, CAMS, Microsoft Identity and Access Administrator (SC-300), Okta Certified Professional, or CISSP will be an added advantage.
Soft Skills: Strong analytical skills for troubleshooting complex access issues and the ability to document technical identity workflows clearly.
Education: Degree or Diploma in Computer Science, Cybersecurity, Information Technology, or related disciplines.