Specialist - Identity & Access Management (MS Entra-ID & PAM)

c) Accountabilities

1. Saviynt CPAM

• Manage day-to-day administration, configuration, support, and optimization of Saviynt CPAM solutions with emphasis on privileged access governance, identity governance, and access lifecycle controls.

• Configure and maintain request workflows, approval workflows, role models, technical rules, email templates, Sav4Sav jobs, and entitlement structures.

• Integrate CPAM with Server, Cloud platform, DB and onboarding activities within Saviynt CPAM, including connectors, access models, policy configuration, and workflow integration.

• Support periodic upgrades, patching, release validation, and defect resolution to maintain platform reliability and performance.

• Configure vaulting, session monitoring, and credential rotation.

2. Privileged Access Governance and Compliance

• Design and implement access governance controls for privileged and high-risk access, aligned with least privilege, segregation of duties, and audit requirements on basis of least privilege and Zero Trust principles.

• Configure Just-In-Time (JIT) and eligible vs active access models.

• Define and manage Privileged roles, Emergency access (break-glass), Access request and approval workflows.

• Drive certification campaigns, access reviews, entitlement recertification, and policy attestation activities across privileged and non-privileged access domains.

• Produce operational and compliance evidence, dashboards, and risk insights required for internal audit, external audit, and security assurance activities.

3. Microsoft Entra and Hybrid Identity Engineering

• Administer Microsoft Entra ID and related hybrid identity services, including enterprise applications, app registrations, Graph API permissions, identity protection, access reviews, and lifecycle governance.

• Implement and support secure authentication and federation capabilities using SAML, OAuth, OpenID Connect, WS-Federation, MFA, conditional access, and Single Sign-On.

• Manage Entra Connect synchronization, hybrid identity configurations, cloud object lifecycle, and troubleshooting across connected systems.

• Support Entra Privileged Identity Management (PIM), B2B/B2C requirements, device registration, and policy enforcement aligned with enterprise security standards.

4. Automation, Integration, and Service Improvement

• Integrate CPAM with Saviynt IGA platform for end-to-end lifecycle

• Identify and implement automation opportunities to reduce manual provisioning effort, improve request turnaround times, and strengthen control effectiveness.

• Support integrations using REST APIs, Connectors (AD, Azure, DB, Cloud) JSON, Microsoft Graph API, and scripting tools such as PowerShell and KQL.

• Collaborate with engineering teams and vendors to assess design gaps, prioritize enhancements, and improve the end-to-end IAM service experience.

5.Operational Support and Stakeholder Management

• Act as a Specialist for Saviynt CPAM and Microsoft Entra related incidents, service requests, improvements, and technical guidance.

• Work effectively with global stakeholders across security, infrastructure, application teams, vendors, and managed service partners.

• Maintain high-quality operational documentation, standards, support procedures, and knowledge articles to improve consistency and resilience.

Experience / skills required:

Specialist should have min 7 to 8 years of total experience in handling IAM technologies like - Azure Active Directory / Microsoft ENTRA-ID, PAM (Saviynt CPAM) with 3+ years with L3 exposure support.

• Bachelor's degree in computer science, Information Security, Engineering, or a related technical discipline; equivalent practical experience may be considered.

• Proven experience in IAM operations and engineering with increasing responsibility in a global enterprise environment.

• Relevant certifications preferred, including SC-300: Microsoft Identity and Access Administrator. Saviynt product certifications and ITIL knowledge are advantageous.

Flexibility is key to our success. Talk to us about what flexibility means to you, so that you're supported to manage your wellbeing and balance your priorities from day one.

We recognise and value performance, offering our people a highly competitive Rewards and Benefits package including:

Our purpose is to celebrate life, every day, everywhere. And creating an inclusive culture, where everyone feels valued and that they can belong, is a crucial part of this.

We embrace diversity in the broadest possible sense. This means that you'll be welcomed and celebrated for who you are just by being you. You'll be part of and help build and champion an inclusive culture that celebrates people of different gender, ethnicity, ability, age, sexual orientation, social class, educational backgrounds, experiences, mindsets, and more.

Our ambition is to create the best performing, most trusted and respected consumer products companies in the world. Join us and help transform our business as we take our brands to new heights and build new ones as part of shaping the next generation of celebrations for consumers around the world.

Feel inspired? Then this may be the opportunity for you.

If you require a reasonable adjustment, please ensure that you capture this information when you submit your application.

Recruitment Scam Warning

Protecting candidates is very important to us. All communications regarding your application will come from an email address ending in @diageo.com. In our recruitment process, we'll never ask for money.

Client-provided location(s): Bangalore, India

Job ID: Diageo-JR1126372

Employment Type: FULL_TIME

Posted: 2026-05-27T19:27:47