Role Overview
We are seeking a
Principal Engineer – Identity Governance & Administration (IGA)
to serve as the
technical authority and owner
for enterprise-wide identity governance capabilities. This role is responsible for defining and evolving the
governance, lifecycle, and policy layer
that protects company intellectual property, enforces least privilege, and enables Zero Trust at scale.
This is a
deeply technical, hands-on principal role
with end-to-end accountability—from
IGA platform evaluation and selection
to
governance model design, integration engineering, and long-term roadmap ownership
. The ideal candidate brings
expert-level experience with SailPoint, Saviynt, or equivalent enterprise IGA platforms
, combined with strong systems thinking and the ability to design durable governance solutions in complex, global environments.
IGA is a
Tier-0 security capability
. Weak governance leads directly to over-privileged access, toxic combinations, audit failures, and elevated breach impact. This role ensures access is
intentional, justified, reviewable, and continuously governed
—across humans, machines, and AI-driven identities.
Key Responsibilities
IGA Architecture & Technical Ownership
Act as the
principal technical owner
for Identity Governance & Administration platforms and capabilities
Define, document, and evolve
end-to-end IGA architecture
, including:
Identity lifecycle management
Access request and approval workflows
Role, entitlement, and policy models
Certification and review frameworks
Establish
reference architectures, engineering standards, and design patterns
for identity governance
Own the
multi-year IGA roadmap
aligned with enterprise security and Zero Trust strategy
Identity Lifecycle & Access Governance
Design and implement
scalable Joiner / Mover / Leaver (JML)
workflows integrated with:
HR systems
Directories and IAM platforms
Cloud platforms and applications
Build and maintain
RBAC, ABAC, and policy-based access models
that scale across thousands of applications
Implement and optimize:
Access request and approval flows
Periodic access certifications and reviews
Segregation of Duties (SoD) controls
Ensure governance coverage across
human, privileged, and non-human identities
Governance for Non-Human, AI & Machine Identities
Define governance models for
non-human identities
, including:
AI agent identities
Robotic Process Automation (RPA) identities
Service accounts, application identities, and APIs
Ensure machine and AI identities are:
Properly onboarded, approved, and reviewed
Least-privileged and policy-governed
Auditable and lifecycle-managed
Prevent entitlement sprawl, orphaned access, and unmanaged machine identities
Integrate non-human identity governance into enterprise access reviews and compliance reporting
Zero Trust Enablement & Risk Reduction
Embed
least privilege, continuous governance, and defense-in-depth
into all access models
Partner with IAM, Security Architecture, and Cloud teams to ensure governance supports
Zero Trust enforcement
Proactively identify and remediate:
Access sprawl
Toxic combinations
Orphaned and dormant entitlements
Reduce blast radius by ensuring access is
time-bound, role-aligned, and continuously reviewed
Platform Engineering, Integration & Automation
Evaluate, select, and implement
enterprise-grade IGA platforms
(SailPoint, Saviynt, or equivalent)
Engineer robust integrations with:
Directories and IAM systems
Cloud platforms (AWS, Azure, GCP)
Enterprise and SaaS applications
Push beyond “tool configuration” to
engineered governance solutions
Increase automation to reduce manual effort, operational risk, and audit friction
Innovation, Continuity & Technical Leadership
Continuously assess emerging IGA capabilities, identity standards, and automation opportunities
Ensure
knowledge continuity
and eliminate dependency on individual resources
Mentor senior engineers and elevate identity governance maturity across the organization
Make high-judgment tradeoffs between speed, risk, and long-term maintainability
Required Qualifications
Experience
10+ years
of experience in Identity & Access Management with
deep specialization in IGA
Proven experience designing and operating
enterprise-scale identity governance platforms
Technical Expertise
Expert-level hands-on experience with:
SailPoint (IdentityIQ / IdentityNow), Saviynt, or comparable IGA platforms
Strong understanding of:
Identity lifecycle management (JML)
Access governance and certification models
RBAC, ABAC, and policy-driven access control
Segregation of Duties (SoD) design and enforcement
Zero Trust and identity-centric security architecture
Experience integrating IGA platforms with:
HR systems
Directories and IAM platforms
Cloud and SaaS applications
Strong understanding of APIs, integrations, and distributed systems
Architectural & Leadership Skills
Ability to design governance solutions that scale across
global enterprises
Strong systems thinking and long-term architectural judgment
Proven ability to influence architecture and standards without formal authority
Comfortable operating in
ambiguous, high-impact problem spaces
Preferred Qualifications
Experience supporting
global enterprises
with complex identity ecosystems
Strong cloud identity governance experience across AWS, Azure, and/or GCP
Background in security architecture, platform engineering, or large-scale SaaS systems
Familiarity with privileged access governance and non-human identity risk
Experience partnering with GRC, Audit, and Compliance teams
Why This Role Is Critical
Identity governance determines
who gets access, to what, and why
. Without strong IGA, Zero Trust cannot scale, audits become fragile, and security incidents have outsized impact.
This role directly protects the organization from:
Over-privileged access and toxic combinations
Unmanaged AI, robotic, and service identities
Audit failures and compliance exposure
Excessive blast radius during security incidents
This position is for an engineer who wants to
define how identity governance works—not just operate tools
—and who understands that governance is a
core security control, not an afterthought
.
More information about NXP in India...
#LI-7013
