Job Title

SailPoint IdentityIQ Architect is responsible to design and lead compliant identity governance solutions for highly regulated sectors like pharmaceuticals, biotech, and medical devices, where systems must adhere to standards such as 21 CFR Part 11, EU Annex 11, GAMP 5, and data integrity principles (ALCOA+). Role ScopeSailPoint IdentityIQ Architect oversees the full lifecycle of IIQ implementations, from initial architecture to ongoing governance, ensuring all components support validated operations that minimize risks to product quality, patient safety, and regulatory audits. They act as the primary technical authority, bridging IT security, quality assurance (QA), and business stakeholders to deliver scalable, audit-defensible IAM solutions. Expectations include hands-on leadership in complex, multi-environment deployments (dev/test/prod) with zero-downtime strategies for production GxP systems. Core ResponsibilitiesSolution Architecture: Design end-to-end IIQ architectures, including aggregation, provisioning/de-provisioning, certifications, role-based access control (RBAC), segregation of duties (SoD), and compliance modules, optimized for GxP workloads like LIMS, MES, ERP (SAP), and clinical trial systems.GxP Compliance Leadership: Conduct risk assessments (FMEA), author validation master plans (VMP), and execute IQ/OQ/PQ protocols; ensure electronic signatures, audit trails, and change control align with FDA/EMA requirements.Integration Mastery: Build and validate connectors for directories (AD/LDAP/Azure AD), HR systems (Workday/SuccessFactors), ticketing (ServiceNow), and GxP apps; implement Joiner-Mover-Leaver (JML) automations with failover mechanisms.Customization and Optimization: Develop advanced rules (Beanshell, Java, Velocity), workflows, forms, and APIs; performance-tune for high-volume environments (e.g., 100k+ identities); manage upgrades/patching with regression testing.Audit and Governance: Lead access reviews, remediation campaigns, and CAPA processes; prepare for inspections by generating compliant reports and defending configurations.Team Leadership: Mentor engineers, conduct code reviews, and provide advisory support on SDLC artifacts (requirements, design specs, traceability matrices). Required QualificationsExperience: 10+ years in IAM/IGA, with 7+ years architecting IIQ (8.x+ preferred); 5+ years in GxP/pharma with proven validation deliveries.Domain Expertise: Deep knowledge of identity lifecycle management, least privilege, and regulatory frameworks (HIPAA, GDPR in addition to GxP). Technical ProficienciesDomainEssential Skills and ToolsIIQ CoreLifecycle Manager (LCM), Compliance Manager, Role Mining, Access Request, SOD Configurator; clustering, HSM integration DevelopmentJava 8+, Beanshell scripting, XML/XSLT, REST/SOAP APIs, SQL (Oracle/PostgreSQL), PowerShell InfrastructureApp servers (Tomcat/JBoss), databases, Linux/Unix, cloud (AWS/Azure for hybrid GxP) GxP-SpecificValidation tooling (HP ALM, Jira), risk management (GAMP categories), data integrity controls IntegrationsConnectors (JDBC, SAP, O365, Workday); SIEM (Splunk), PAM (Delinea/CyberArk) Preferred Certifications and Soft SkillsSailPoint Certified IIQ Architect/Engineer; CISSP, CISM. Exceptional communication for executive briefings, QA negotiations, and global teams; proactive problem-solving in high-stakes audits.