IAM Architect – User Provisioning & Access Control
IAM Architect – User Provisioning & Access Control
Portugal - Lisbon Apply NowJoin our team at AMGEN Capability Center Portugal, number 1 company in Best Workplaces - https://www.greatplacetowork.pt/ - ranking in Portugal (category 201-500 employees) by the Great Place to Work Institute. We have a team of over 300 talented people and more than 35 different nationalities, diverse areas of expertise and professional experience that are shaping the future of healthcare. This is your chance to explore a world of opportunities in different areas such as Cybersecurity, Data & Analytics, Digital, Technology and Innovation, Finance, General & Admin, Human Resources, Regulatory Affairs and many more. In Lisbon's city center, our AMGEN office fosters innovation, excellence, and inspiration. Come thrive with us at AMGEN, supporting our mission To Serve Patients. What we do at AMGEN matters in people’s lives.
IAM ARCHITECT – USER PROVISIONING & ACCESS CONTROL
LIVE
WHAT YOU WILL DO
ABOUT THE ROLE
Role Description:
As a IAM Architect – User Provisioning & Access Control at Amgen’s Capability Center Portugal (ACCP), you will take the lead in designing and implementing robust information system architectures that support evolving business needs. Your role will involve analyzing requirements, crafting scalable architectural solutions, evaluating cutting-edge technologies, and ensuring alignment with industry standards, governance frameworks, and best practices.
You will be instrumental in building secure and scalable identity governance solutions, with a strong focus on developing and refining Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models.
Roles & Responsibilities:
- Design and implement comprehensive identity provisioning workflows for users, systems, and applications
- Develop standardized models to support joiner/mover/leaver processes
- Ensure solutions are scalable, secure, and compliant with internal policies and external regulations
- Provide technical and governance oversight across all provisioning projects, acting as the lead architect from analysis through delivery
- Lead the development and continuous improvement of RBAC models, including role mining, engineering, and lifecycle management
- Define and manage identity governance policies, including access reviews, certifications, and entitlement management
- Integrate governance frameworks with provisioning and access control mechanisms
- Manage access reviews and certifications, enforce Segregation of Duties (SoD) controls, and ensure audit readiness
- Support governance reporting, compliance audits, and risk assessments
- Define response and remediation procedures for identity-related issues
- Collaborate with infrastructure and application teams to integrate IAM tools with enterprise systems
- Automate provisioning and deprovisioning tasks using scripting and workflow tools to enhance efficiency
- Provide strategic direction and technical leadership in provisioning architecture
- Promote best practices in access control, least privilege, and zero trust principles
- Partner with stakeholders across security, compliance, HR, and IT to align provisioning capabilities with business objectives
- This position may include after-hours and on-call responsibilities
WIN
WHAT WE EXPECT OF YOU:
Our ideal candidate
- Holds a relevant degree and has deep expertise in identity provisioning across hybrid environments
- Experienced in IAM architecture, including RBAC, ABAC, and policy-driven access models
- Proficient in directory services (Active Directory, LDAP) and account reconciliation
- Skilled in IAM tools (e.g. SailPoint, CyberArk, Okta, ForgeRock, Microsoft Entra ID) and protocols (SAML, OAuth, SCIM)
- Familiar with automation scripting (PowerShell, Python) and workflow tools
- Understands compliance frameworks (SOX, GxP) and has experience with audits and risk assessments
- Strong communicator with excellent documentation and stakeholder management skills
- Holds relevant certifications (e.g. CIAM, CISSP) and has exposure to CIEM, PAM, or IGA platforms
- Experienced in cloud-based access governance (AWS, Azure, GCP)
- Demonstrates strong analytical, troubleshooting, and problem-solving abilities
- Available for rotational on-call duties during evenings and weekends
THRIVE
WHAT YOU CAN EXPECT OF US
• Vast opportunities to learn, develop, and move up and across our global organization.
• Diverse and inclusive community of belonging, where colleagues are empowered to bring ideas to the table, take risks, and act.
• Generous Amgen Total Rewards Plan comprising healthcare, finance, wealth and career benefits.
• Flexible work arrangements.
APPLY NOW FOR A CAREER THAT DEFIES IMAGINATION
In our quest to serve patients above all else, Amgen is the first to imagine, and the last to doubt. Join us.
CAREERS.AMGEN.COM
EQUAL OPPORTUNITY STATEMENT
Amgen is an Equal Opportunity employer and will consider you without regard to your race, colour, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
We will ensure that individuals with disabilities are provided a reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation.
