Cyber Data & Tech Risk Managed Services JD IAM Engineering Sr Associate
A career at PwC Cyber Data & Tech Risk Managed Services offers you the opportunity to deliver strategic cybersecurity solutions that safeguard our clients critical business and data assets. As an engineer, the IAM Engineer is responsible for the end-to-end delivery, engineering, and operational support of Identity and Access Management (IAM) capabilities across enterprise client environments. This role focuses on Identity Governance & Administration (IGA), Privileged Access Management (PAM), and Access Management (AM), driving secure identity lifecycle processes, automation, and continuous improvement while ensuring governance, compliance, and audit readiness.
You will collaborate closely with clients, internal stakeholders, and global experts to drive cyber resilience, regulatory compliance, and innovation. You will provide hands-on technical delivery, operational excellence, and continuous improvement across cyber managed services programs.
- Share and collaborate effectively with others, creating a positive team spirit.
- Identify and make suggestions for improvements when problems and/or opportunities arise.
- Validate data and analysis for accuracy and relevance.
- Follow risk management and compliance procedures.
- Keep up to date with developments in my area of specialty
- Communicate confidently in a clear, concise and articulate manner - verbally and in written form.
- Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients
- Uphold the firm's code of ethics and business conduct
Basic Qualifications:
Degree Required: Bachelors or masters
Minimum Years of Experience: Over 5 years of hands-on IAM engineering, implementation, and operations support
Preferred Knowledge/Skills: Relevant experience in end-to-end support of IAM services and certifications like CISSP, CISM, CISA, GIAC (GCIH, GSEC, GCIA), CCSP, or equivalent is desirable.
Certifications specific to IAM (e.g., SailPoint Certified Engineer, CyberArk Trustee, Okta Certified Administrator or Microsoft SC-300) are an advantage.
Demonstrates knowledge and/or a proven record of success in one or more of the following areas:
- Identity Governance and Administration:
- Configuring, administering, and supporting Identity Governance and Administration (IGA) tools such as SailPoint ISC/IIQ, Saviynt, or equivalent platforms.
- Implementing and optimizing access request management, approval workflows, and automated provisioning/de-provisioning processes to enhance efficiency and governance adherence.
- Applying user lifecycle management best practices including role-based access control (RBAC), segregation of duties (SoD), and least privilege principles aligned to client policy and regulatory requirements.
- Configuring identity workflows, role and entitlement models, and access approval processes tailored to client-specific business needs and compliance requirements.
- Performing periodic access reviews/certifications, support remediation activities, and maintain audit-ready evidence for IAM controls and processes.
- Privileged Access Management (PAM)
- Administering Privileged Access Management (PAM) solutions including CyberArk, Delinea, BeyondTrust, or similar technologies, ensuring secure privileged account onboarding, credential rotation, session management, and policy enforcement.
- Access Management (AM)
- Supporting Access Management (AM) capabilities including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and federation protocols (SAML, OAuth, OpenID Connect) using platforms such as Ping, Okta, Microsoft Entra ID, ForgeRock, or equivalent.
Demonstrates knowledge and/or a proven record of success in the following areas:
- Owning incident, problem, and change management activities related to IAM/PAM services, following ITIL practices and using service management platforms such as ServiceNow and Jira.
- Developing and maintaining operational documentation, runbooks, knowledge articles, and standard operating procedures (SOPs) to enable consistent delivery and audit readiness.
- Driving automation and integration using scripting (PowerShell, Python, Ruby), REST APIs, and tooling (e.g., Postman) to reduce manual effort and improve service reliability.
- Collaborating cross-functionally with IT security, risk, compliance, and application owners to onboard systems and validate secure integrations into the IAM architecture.
- Monitoring service health, support SLA adherence, perform root cause analysis (RCA) for recurring issues, and recommend continuous improvements.
Responsibilities:
Service Delivery & Operations
- Provide operational support for IGA, PAM, and AM platforms including monitoring, troubleshooting, and break/fix.
- Execute standard changes (new app onboarding, connector configuration, policy updates) and support platform upgrades and patching activities under change control.
- Participate in on-call rotations and major incident response for IAM services, coordinating with stakeholders until resolution.
- Maintain accurate ticket updates, communication, and documentation to ensure timely resolution and customer satisfaction.
- Handle L3 escalations for IAM incidents and complex service requests, driving technical triage and resolution.
- Lead complex application onboarding, including requirements gathering, integration design, connector configuration, and end-to-end validation.
Engineering, Automation & Continuous Improvement
- Design and implement repeatable automation for joiner/mover/leaver processes, privileged access onboarding, and access review remediation using scripts and APIs.
- Create dashboards/metrics to track operational performance (ticket trends, SLA compliance, access review completion, privileged account coverage) and identify improvement opportunities.
- Contribute to platform hardening, configuration standards, and secure-by-default patterns for IAM services.
- Provide architecture guidance and solution design for IAM capabilities and integrations, aligning to target-state architecture and security standards.
- Deliver strategic recommendations and roadmaps for IAM tooling, automation, and process improvements based on risk, compliance, and operational insights.
- Plan and execute IAM tool migrations and platform transitions (including upgrades and consolidations), ensuring controlled cutover, minimal disruption, and stakeholder readiness.
Governance, Compliance & Reporting
- Ensure IAM activities are executed in accordance with PwC policies, client governance frameworks, and applicable regulatory requirements.
- Support audits by producing evidence of IAM controls, process adherence, and remediation actions; maintain traceability for access approvals and certifications.
- Assist in preparing periodic status reports and operational summaries for client and internal stakeholders.
Tools Knowledge:
Identity & Access Management: Active Directory, SailPoint Identity Now IIQ/ISC, CyberArk, Saviynt, Ping Access/Federate, Microsoft Entra ID, Okta, ForgeRock
Scripting & Automation: PowerShell, Python, Ruby, REST APIs
Support & Management Platforms: ServiceNow, Jira, Git
Databases & Protocols: SQL (MSSQL/Oracle), Java fundamentals, SAML, OAuth, OpenID Connect
Utilities: Postman, Putty, WinS
