Senior Identity And Access Management Engineer

At Roche you can show up as yourself embraced for the unique qualities you bring. Our culture encourages personal expression open dialogue and genuine connections where you are valued accepted and respected for who you are allowing you to thrive both personally and professionally. This is how we aim to prevent stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche where every voice matters.The PositionThe Identity Management Support Team manages and operates the solutions and components used to provide customers with Directory and Identity Management Services using SailPoint. We are part of a global Roche Digital Technology group (RDT).In this role you are mainly responsible for the multi-cloud Identity Management environment focusing specifically on Azure and Google Cloud Platform (GCP) while maintaining consistency with AWS. This includes the design of new solutions consultancy maintenance performance tactical lifecycle management and continuous improvement of the underlying technologies.Your main responsibilities are :Strong background in IAM concepts at design level and evolution in Cloud environments Azure and / or GCP.Contributes to the design of new solutions based on SailPoint and PingFederate AD Privilege Access Management.Design and implement Centralized Role-Based Access Control (RBAC) based on Cloud Adoption Framework (CAF) principles.Access Governance and Controls : Enforce strong security controls across cloud environments including Multi-Factor Authentication (MFA) and Identity Protection. Implement Least Privilege policies often involving custom roles and organizational-level controls. Implement IAM Deny Policies to strictly block high-risk actions ensuring separation of dutiesAutomation and Infrastructure-as-Code (IaC) : Drive the core value of Automate as much as possible. Design and implement IAM infrastructure using IaC leveraging Terraform. For Azure this mandates IaC using Terraform and Azure Verified Modules (AVM) with CI / CD pipelines in GitLabPrivileged Access Management (PAM) : Design and support Just-in-Time (JIT) Access mechanisms ensuring no standing privileges for administrators using tools like Cyberark for Just-in-Time accessConsultancy and Collaboration : Act as a mentor and reference working closely with stakeholders to provide the right level of consultancy. Ensure regular interactions with the Managed Service ProviderOperational Excellence : Act as an expert in the release management activities providing 2nd and 3rd level support for the Identity Management Infrastructure. Proactively monitor systems for performance availability and capacity managementActively focus on self-development in creating actionable plans to improve.Who you areYoure someone who wants to drive your own development and is highly curious. Youre looking for a company where you have the opportunity to pursue your interests across functions and geographies where a job title is not considered the final definition of who you are but the starting point.For this position you bring the following experience skills & qualifications :5-7 years of experience working in a major global organization preferably in a regulated industry and in providing solutions aligned with standards security validation capacity and high availability.Bachelors Degree in computer science engineering or related discipline; or recognition of prior working experience which is equivalent.Strong hands-on technical skills with an IT operations background. Expert knowledge on infrastructure technologies business processes and applications with a focus on Sailpoint IQ Identity Governance and Access Identity Management technologies and PingFederate.Cloud Platform skills :Expertise in GCP Identity and Access Management (IAM) including Identity Synchronization Service