As a Senior IGA Architect specializing in SailPoint Identity Security Cloud (ISC), you will shape and advance the global identity governance architecture for METRO. You will drive the evolution of IGA as a foundational capability for security, compliance, and digital business enablement.
This role blends strategic architecture ownership with a hands‑on, delivery‑oriented mindset. You will define target architectures and standards, guide technical implementation, and support complex integrations across the enterprise. Your work ensures that architectural decisions are scalable, secure, and aligned with long‑term business and technology strategies.
You will design sustainable architectures for hybrid and cloud environments, ensure consistency across IGA initiatives, and translate strategic IAM/IGA roadmaps into actionable architectural patterns. Collaboration with Enterprise Architecture, Security, HR IT, Business Functions, and external partners is central to driving METRO’s global identity landscape forward.
Your Responsibilities
Strategy, Architecture & Governance
- Evolve and maintain the global IGA/IAM architecture strategy, aligned with Enterprise Architecture and Security.
- Define architectural principles, standards, and target-state models for:
  - Identity Governance (SailPoint ISC)
  - Access Management (Entra ID)
  - Privileged Access Management (PAM)
- Design scalable, cloud‑ready IAM/IGA architectures for hybrid environments.
- Develop and maintain architectural blueprints, reference architectures, and technical guidelines.
- Ensure architectural consistency across programs, projects, and regional deployments.
Architectural Control & Integration
- Provide architectural leadership for IAM/IGA‑related initiatives, with a focus on SailPoint ISC integrations.
- Ensure adherence to architectural, security, and compliance standards.
- Evaluate new requirements for architectural fit, scalability, and governance impact.
- Support complex integrations (HR systems, directories, applications, PAM tools) from design through implementation.
- Oversee onboarding of new systems into the IGA ecosystem, including connector design, lifecycle automation, and policy enforcement.
- Assist with troubleshooting, root‑cause analysis, and technical decision‑making.
- Work closely with engineering teams to ensure sustainable, maintainable implementations.
Identity Governance & Business Alignment
- Advance identity governance models and access frameworks (RBAC, ABAC, business roles, access certifications).
- Support integration of IGA into business processes across the identity lifecycle (Joiner, Mover, Leaver).
- Incorporate regulatory requirements (SOX, ISO 27001, GDPR) and audit findings into architectural design.
- Ensure alignment between business needs, security requirements, and technical capabilities.
Stakeholder Management & Communication
- Advise IT, business stakeholders, and leadership on strategic IAM/IGA decisions.
- Conduct architectural reviews, design workshops, and technical deep dives.
- Communicate complex technical concepts clearly to non‑technical audiences.
Innovation & Continuous Improvement
- Evaluate emerging technologies, trends, and best practices in IGA.
- Develop architectural guidelines and reusable patterns for SailPoint ISC and Entra ID.
- Mentor engineers and strengthen internal IAM/IGA capability.
What You Bring
Professional Background
- Degree in (Business) Informatics or equivalent qualifications.
- 8+ years of experience in IAM/IGA.
- Proven experience designing and implementing enterprise‑scale IGA solutions, ideally with SailPoint ISC or IdentityIQ.
- Strong understanding of Entra ID, directory services, and identity lifecycle automation.
- Experience integrating complex enterprise systems into IGA platforms.
- Ability to alternate between high‑level architecture and hands‑on technical work.
Technical Skills
- Deep knowledge of IAM/IGA standards and protocols: AD, LDAP, SAML, OAuth, OIDC.
- Expertise with SailPoint ISC (or IIQ), including:
  - Identity lifecycle automation
  - Access request workflows
  - Role modeling
  - Connector frameworks
  - Policy and certification models
- Understanding of modern cloud architecture (Azure, AWS, GCP).
- Familiarity with regulatory frameworks (SOX, ISO 27001, GDPR).
Nice to Have
- Experience with Zero Trust architecture.
- Manufacturer certifications (SailPoint, Microsoft, etc.).
- Experience in global transformation programs or international environments.
- Certifications such as CISSP, CISM, and CCSP.
Soft Skills
- Strong conceptual and analytical thinking.
- Ability to communicate complex topics clearly and in a structured way.
- High degree of independence, ownership, and accountability.
- Team‑oriented, pragmatic, and solution‑driven working style.
- Excellent English skills.
Only include if they are going to be exclusive to IGA and not AM or PAM
Yes, they are only for IGA. There will be another architect for the cross-functional role.
What kind of degree, and why was this one chosen over something like CS or Cyber?
General Bachelor's degree. I don't think this is something that must relate to cyber security in general.
Which ones are you looking for? You have specific certs listed below, but not here where it would really matter.
Also, if this role is specific to SailPoint as indicated in the first paragraph, why bother with an MSFT cert?
Why are these nice to have if this is more of a technical role? This seems un-neede
Graduate OR Post Graduate