Identity & Access Management (IAM) Engineer, Lead

Overview

Who we are

Collaborative. Respectful. A place to dream and do. These are just a few words that describe what life is like at Toyota. As one of the world's most admired brands, Toyota is growing and leading the future of mobility through innovative, high-quality solutions designed to enhance lives and delight those we serve. We're looking for talented team members who want to Dream. Do. Grow. with us.

An important part of the Toyota family is Toyota Financial Services (TFS), the finance and insurance brand for Toyota and Lexus in North America. While TFS is a separate business entity, it is an essential part of this world-changing company- delivering on Toyota's vision to move people beyond what's possible. At TFS, you will help create best-in-class customer experience in an innovative, collaborative environment.

Identity and Access Management Operations Engineer, Lead

Location: Plano, TX

To save time applying, Toyota does not offer sponsorship of job applicants for employment-based visas or any other work authorization for this position at this time.

Who We're Looking For

We're seeking an experienced Identity and Access Management (IAM) Operations Engineer to join our Information Security team at Toyota Financial Services.

The ideal candidate will be a subject matter expert in SailPoint Identity IQ (IIQ) and Identity Security Controls (ISC), with strong hands-on expertise in identity lifecycle management and access governance.

Experience with other IAM technologies such as Okta/Auth0 CIAM, as well as Okta Workforce SSO/MFA, is a plus.

This role requires a technical expert who can drive IAM operations, mentor junior engineers, and collaborate across teams to ensure secure, compliant, and efficient identity Operations.

What You'll Be Doing

• Manage the operation, support, and enhancement of SailPoint IdentityIQ (IIQ) and ISC platforms, focusing on identity lifecycle management, access governance, policy automation, and HR system integrations.
• Collaborate closely with Governance, Incident Response, Engineering, and Compliance teams to align IAM operations with organizational policies and regulatory requirements (SOX, GDPR, PCI-DSS).
• Operate and support Okta/Auth0 CIAM platforms as secondary responsibilities, ensuring secure and scalable customer identity solutions.
• Lead technical efforts during identity-related security incidents, providing expert guidance and resolution.
• Maintain and support IIQ Rules (e.g., Before/After Provisioning Rules, Correlation Rules, Custom Workflows).
• Maintain IIQ application onboarding configurations, including schema updates, attribute mappings, and provisioning policies.
• Support IIQ Certifications, including campaign setup, execution, monitoring, and remediation.
• Mentor and coach junior IAM engineers, fostering knowledge sharing and skill development within the team.
• Drive continuous improvement initiatives by staying current with IAM trends, emerging technologies, and best practices.
• Support integration and operational readiness of other IAM tools and PAM solutions as needed.
• Ensure IAM processes and solutions meet audit readiness and compliance standards.

• 7+ years of hands-on experience in Identity and Access Management, with expert-level proficiency in SailPoint IdentityIQ (IIQ) and ISC.
• Deep expertise in identity lifecycle management, including joiner/mover/leaver workflows, access certification, policy automation, Connector configuration and troubleshooting (AD, HR systems, SaaS apps) and HR system integration within SailPoint.
• Strong understanding of compliance frameworks (SOX, GDPR, PCI-DSS) and experience aligning IAM operations with audit requirements.
• Experience with ITIL, Lean, and Agile methodologies and tools (Jira, Confluence, ServiceNow).
• Experience with migration between IIQ and ISC or hybrid coexistence models (a major plus).
• Experience with SailPoint REST APIs for automation and operational tooling.
• Ability to write or troubleshoot BeanShell (IIQ) and JSON-based rules (ISC).
• Familiarity with SailPoint plugin management, including installation, configuration, and troubleshooting.
• Experience with custom connector troubleshooting, including schema discovery and provisioning logic.
• Understanding of Identity Governance concepts, such as SoD policies, risk scoring, and access modeling.
• Familiar with CIAM platforms such as Okta and Auth0, with experience designing and managing customer identity solutions is a plus.
• Proficient in identity and access protocols including SAML, OAuth2, OIDC, and WebAuthN.
• Proven ability to mentor and lead technical teams in complex IAM environments.

• Bachelor's degree in computer science, Information Security, or related field.
• IAM certifications such as SailPoint, ISC2 SSCP, CISSP Associate, or equivalent.
• Experience integrating IAM solutions with cloud platforms like AWS or Azure.
• Exposure to API Access Management, Identity Governance, and Role-Based Access Control (RBAC).

• A work environment built on teamwork, flexibility, and respect.
• Professional growth and development programs to help advance your career, including tuition reimbursement.
• Team Member Vehicle Purchase Discount.
• Toyota Team Member Lease Vehicle Program (if applicable).
• Comprehensive health care and wellness plans for your entire family.
• Toyota 401(k) Savings Plan with a company match, plus an annual retirement contribution from Toyota regardless of your own contributions.
• Paid holidays and paid time off.
• Referral services for prenatal services, adoption, childcare, schools, and more.
• Tax advantaged Accounts (Health Savings Account, Health Care FSA, Dependent Care FSA).
• Relocation assistance (if applicable).