Lead Saviynt Engineer

The Lead Saviynt Engineer will own and evolve our Saviynt Enterprise Identity Cloud (EIC) platform, which is the centerpiece of our Identity Governance and Administration program. This role is responsible for supporting day-to-day operations of the Saviynt IGA system and driving enhancements, including managing entitlements, configuring security systems & connectors, setting up endpoints for target systems, and enforcing segregation of duties (SoD) policies. As a lead, the engineer will guide the IAM team in implementing new capabilities, integrating applications (on-premises and cloud such as Entra ID/Azure AD, AWS, GCP), and ensuring the platform meets compliance requirements like SOX.
Team Collaboration: Works with the technical IAM team and coordinates with Business Analysts and project managers on identity projects. Works with application owners, database administrators, and IT teams across the enterprise to onboard systems into Saviynt. Frequently collaborates with the Security Compliance/Audit team to support access certification campaigns and SoD controls, and with IT service teams (e.g., HR systems, ServiceNow team) to integrate identity workflows.
Key Responsibilities:
• Saviynt Platform Ownership: Serve as the primary Architect and Engineer for the Saviynt EIC platform. Manage global configuration settings, identity repositories, and platform upgrades/patches to ensure Saviynt is running optimally and securely. Monitor system health, job queues, and workflows, addressing any issues or performance bottlenecks.
• Connector & Integration Management: Configure and maintain Saviynt connectors and endpoints for various systems: e.g., Active Directory (on-prem AD), Entra ID (Azure AD), SaaS applications, databases, and cloud infrastructure (AWS, GCP). Ensure that accounts and entitlements from these systems are being imported and provisioned correctly. Develop new connectors or scripts (using REST APIs or JDBC) for any custom integrations required. Oversee integration with ServiceNow for access request workflows.
• Entitlement Management & SoD: Define and manage entitlement catalogs and role definitions within Saviynt for applications. Implement Segregation of Duties (SoD) policies and preventative controls in the platform – e.g., set up SoD rules and risk matrices so that access requests and role assignments trigger appropriate SOD conflict checks. Work with business owners to configure certification campaigns and automated access reviews aligning with regulatory requirements (such as periodic SOX user access reviews).
• Project Leadership & Enhancements: Lead Saviynt-related projects and enhancements (e.g., onboarding new applications, enabling new features like identity analytics or mobile access). Gather requirements from stakeholders and design solutions using Saviynt’s capabilities (e.g., build dynamic roles, create custom workflows, implement identity triggers). For instance, spearhead upcoming integrations for cloud platforms – building connectors for AWS and GCP accounts to manage their lifecycle through Saviynt. Ensure changes are tested (UAT) and follow change management processes before production rollout.
• Compliance & Audit Support: Oversee the execution of access certification campaigns and onboarding of high-risk applications to meet compliance needs. Provide technical support during internal and external audits – generating reports on user access, SoD violations, and remediation status from Saviynt. Implement controls and remediation in the Saviynt system as audit findings demand and ensure the platform’s security configuration aligns with industry best practices and SOX controls.
• Team Leadership & Knowledge Sharing: Guide and mentor a small team of IAM engineers working with the Saviynt platform. Establish best practices for configuration management, development (promotion of changes across Dev/UAT/Prod), and incident response for identity services. Document key configurations and train backup personnel to administer Saviynt. Coordinate with the Saviynt vendor support for complex issue resolution and stay updated on new EIC features and releases.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• Education & Experience: Bachelor’s degree in Computer Science, Information Systems, or related. 10+ years of experience in Identity and Access Management, with at least 3–5 years specializing in Identity Governance solutions (Saviynt EIC or similar IGA products like SailPoint). Experience in leading IAM projects or teams is required.
• IGA Platform Expertise: Hands-on expertise with Saviynt (preferred) or a comparable IGA platform. Able to configure connectors (e.g., AD, Azure AD, REST, JDBC) and troubleshoot provisioning jobs and reconciliation issues. Familiarity with Saviynt objects like security systems, endpoints, entitlements, technical rules, and workflows. Experience designing roles and certifications in an IGA tool. (Saviynt certifications or training would be a plus.)
• Broad Technology Familiarity: Solid understanding of enterprise directories (AD, Azure AD), cloud platforms (AWS, GCP), and enterprise applications (SAP, Oracle, etc.) from an identity integration perspective. Comfortable with RESTful APIs and JSON data exchange, as used by Saviynt connectors. Ability to read and write scripts or Java/Groovy rules for extending Saviynt functionalities. Experience with SQL for analytics or reports (Saviynt queries) is useful.
• DevOps & Automation: Experience using DevOps practices for deploying and managing configuration changes (version control, pipeline for Saviynt configurations if applicable). Familiarity with Terraform or infrastructure-as-code is beneficial, as our environment is moving toward codifying IAM configurations. Proficient in PowerShell or Python for any necessary automation outside the IGA tool (e.g., bulk onboarding tasks).
• Compliance & Security Knowledge: Strong knowledge of identity compliance requirements and frameworks (SOX, least privilege, RBAC). Demonstrated ability to implement and enforce SoD controls and conduct access reviews using an IGA platform. Understands access certification processes and can liaise with auditors on evidence from Saviynt. Also familiar with data privacy considerations and lifecycle management of identities (joiner/mover/leaver).
• Leadership & Communication: Excellent problem-solving and organizational skills, with the ability to prioritize and manage multiple onboarding projects. Proven leadership in coordinating technical teams and driving deliverables. Effective communicator who can translate identity governance concepts to technical teams, business stakeholders, and leadership. Comfortable leading meetings, training sessions, and coordinating user acceptance testing with stakeholders for new integrations.

• Experience supporting large-scale, customer-facing identity platforms.
• Deep experience with Azure AD B2C policy extensibility, REST technical profiles, and external claims providers.
• Working knowledge of KQL and Azure Monitor for identity diagnostics.
• Familiarity with identity-related security practices (conditional access concepts, token validation, least privilege).
• Experience communicating architectural tradeoffs to non-technical stakeholders.

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.