IDAM Identity Governance and Administration (IGA) Engineer na Zoetis

POSITION SUMMARY

Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.

Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The global Identity, Directory & Access Management (IDAM) team defines and enforces policies, executes processes, and enables systems to ensure appropriate access management across Zoetis' digital ecosystem. Key IDAM functions at Zoetis include Identity Governance & Administration (IGA), Directory & Authentication Services, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Customer Identity & Access Management (CIAM), and Privileged Access Management (PAM), among others.

The IDAM IGA Engineer position is a highly skilled SailPoint Subject Matter Expert (SME) role to lead both development and operational activities within our Identity Governance and Administration (IGA) program. This role is responsible for managing Identity Governance and Administration (IGA) services from both a technology and operational perspective within the Zoetis India Capability Center (ZICC).

This role requires to have deep expertise in SailPoint IdentityIQ application to create/manage user Life Cycle Management (LCM), application onboarding, access review campaigns, and integration with REST APIs. This role demands a blend of technical development skills and operational governance knowledge to ensure efficient and secure identity lifecycle management.

The engineer must possess deep technical proficiency in key areas while maintaining a broad understanding of related technologies. Additionally, the role demands expertise in business processes enabled by IAM solutions, engaging in multiple projects and collaborating with stakeholders across various organizational levels. This role ensures the seamless functioning of mission-critical IDAM services that underpin all Zoetis information systems, focusing on maximum uptime, security, and operational efficiency.

POSITION RESPONSIBILITIES

Percent of Time
Development
• Act as a hands-on technical SME, providing detailed coding, configuration, and engineering guidance for IGA programs and initiatives.
• Design, develop, and customize SailPoint IdentityIQ components including workflows, rules, connectors, and REST API integrations.
• Lead application onboarding by configuring connectors, defining entitlement models, and implementing role-based provisioning.
• Develop and maintain integrations with enterprise systems such as HRMS, Active Directory, ServiceNow, SAP, and others.
• Customize SailPoint features using Java, Beanshell, XML, and SQL.
• Plan, execute, and supervise installations, maintenance, and changes across IDAM systems.
• Identify opportunities to optimize solutions, introduce new features, and support strategic initiatives.
Operations
• Manage and execute access review campaigns, ensuring timely and accurate certifications.
• Oversee Life Cycle Manager (LCM) processes, including automated provisioning, de-provisioning, and access recertification.
• Monitor system performance, ensuring uptime, scalability, and security.
• Provide Level 2 and Level 3 support for IGA-related issues, troubleshooting complex problems and ensuring high-quality user experience.
• Participate in shift rotations and provide off-hours escalation support for high-priority incidents.
• Maintain documentation for operational processes, configurations, and customizations.
• Collaborate with HR and business units to maintain data quality and ensure alignment with business objectives.
• Ensure compliance with global IDAM policies, processes, and regulatory requirements.100%

ORGANIZATIONAL RELATIONSHIPS

• Reports directly to ZICC IDAM Technology Lead, with dotted line to US-based Head of IDAM and IDAM Operations Lead
• Be part of the global Technology Risk Management organization, which reports to the Chief Information Security Officer (CISO).
• Collaborate regularly with ZTD application, business partner, and infrastructure teams
• Interact with external vendors or partners providing software, services, or APIs that require integration with IDAM systems, including establishing requirements, negotiating contracts, and facilitating technical integration.
• Collaborate with implementation partners responsible for deploying, configuring, or maintaining integrated solutions within Zoetis’ IT landscape.

EDUCATION AND EXPERIENCE

Education:
• University Degree in Computer Science or Information Systems is required
• MS or advanced security/identity courses or other applicable certifications is desirable, including
o Certified Information Systems Security Professional (CISSP)
o SailPoint IdentityIQ Developer or Architect certification.

Experience:
• Minimum 6+ years of experience in Information Systems
• 4+ years of detailed, hands-on experience on SailPoint IdentityIQ or similar IGA Tools.
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Proven experience in managing medium to large-scale, global IT projects.
• Demonstrated ability to work within diverse technical teams.
• Proven experience in leading technical teams and managing end-to-end solution delivery.
• Strong experience collaborating with Managed Service Providers (MSPs), with a focus on ensuring quality and alignment.
• Knowledge of ITSM tools and processes.

TECHNICAL SKILLS REQUIREMENTS

This is a detailed, hands-on technical and functional role. The ideal candidate will demonstrate proficiency in these areas and provide leadership with respect to specific technologies:

• Identity Governance & Administration (IGA):
o Expertise in SailPoint IdentityIQ (IIQ), with mandatory hands-on experience in installation and upgrade.
o Expertise in SailPoint IdentityIQ (IIQ) configuration, customization, and day-to-day operational management.
o Proficiency in configuring LCM (Lifecycle Management) workflows – joiner, leaver processes, create and manage access request workflows and User Provisioning/Deprovisioning processes.
o Proficiency in conducting access recertification campaigns and creating custom rules to meet the access review requirements.
o Experience integrating SailPoint IdentityIQ application with enterprise systems such as MS Active Directory, ServiceNow, Workday, SAP, and other platforms.
o Experience in application onboarding using multiple connectors on SailPoint IdentityIQ.
o Experience in defining and developing role based provisioning, custom roles
o Strong development skills in Java, Beanshell, XML, or similar programming languages to customize workflows, connectors, custom roles and integrate with SailPoint IdentityIQ REST APIs.
o Solid database and SQL skills for efficient data management, reporting, and integration.
o Knowledge of additional IGA platforms, such as SailPoint Identity Security Cloud (ISC), Saviynt, or others, is a plus.

• Operations:
o Manage and execute access review campaigns ensuring timely and accurate certification processes.
o Oversee Life Cycle Manager (LCM) processes including automated provisioning, de-provisioning, and access recertification.
o Monitor SailPoint platform health, performance, and security.
o Support production deployments, incident management, and root cause analysis.
o Maintain documentation related to operational processes, configurations, and customizations.
o Provide operational support for identity governance processes and user access requests.
o Experience working with Service Desk, Site Services, and Security Operations teams to enhance IAM support processes.

• Enterprise & Cloud Directories:
o Proficiency in integrating SailPoint IdentityIQ or similar platforms with Microsoft Entra ID for role provisioning/deprovisioning,
o Knowledge of integrating SailPoint IdentityIQ with PAM tools such as Delinea Secret Server for privileged account vaulting and management is a plus.

• Data Hygiene:
o Experience ensuring clean, accurate, and well-managed identity data across systems and create custom workflows to achieve this.
o Proven ability to establish procedures for decommissioning access for departing employees and reassigning service accounts and entitlements.
o Ability to collaborate with HR to ensure timely and accurate flows of authoritative user data.

• End-User and Technology Team Support:
o Experience providing or supervising Level 2 (L2) and Level 3 (L3) support for identity and authentication issues for end users and technology teams.
o Knowledge of troubleshooting and collaborating with application teams to resolve any application onboarding, availability issues.

• Desirable Skills:
o Experience with Microsoft Power Apps is a plus, including building or customizing forms and applications to enhance identity-related workflows or integrations.
o Experience with data analytics and automation tools, such as Alteryx, for streamlining workflows and troubleshooting data-related issues is a plus.
o Familiarity with data warehousing concepts and the ability to collaborate effectively with teams managing data warehouses to support identity-related processes is a plus.

• Must be fluent in both written and spoken English, with the ability to communicate effectively across technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS

Availability to work between 1pm IST to 10pm IST hours (minimum 3 hours of daily overlap with US ET Time zone)