Sr Identity & Access Governance (IGA) Engineer (Sailpoint)

Your Opportunity

Your opportunity

At Schwab, you are empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.

We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).

In Schwab Cybersecurity Services (SCS), Office of CISO, we provide platforms, services, and security operations capabilities which enable the firm to produce successful client and shareholder outcomes securely and safely. Securing our IT assets, data, and access to applications is the core of who we are and what we do. We ensure only the appropriate entities have access to IT resources and that we adhere to best practices and standards to ensure a safe and compliant environment is maintained.

Identity and Access Management has an opening for a Security Engineer to deliver and manage large, complex Identity and Access Management programs in the area of Identity Governance & Administration. The individual will ensure adherence to policy and provide leadership to the implementation of leading-edge technology to position the organization for success – improving efficiency, increasing security posture, and supporting growth of the firm’s Identity and Access Management (IAM) Program.

What You’ll Do

• Serve as a Senior Identity Governance & Administration (IGA) Engineer, owning the design, implementation, automation, and operational maturity of enterprise IGA solutions across on‑prem and cloud environments.
• Lead the delivery of IGA solutions (e.g., SailPoint and other enterprise cloud based IGA platforms), supporting identity lifecycle (Joiner/Mover/Leaver), access requests, certifications, and policy enforcement.
• Drive IGA automation and AI readiness, leveraging workflow automation, event‑driven integrations, and analytics to reduce manual operations, improve access accuracy, and scale identity governance.
• Leverage AI and advanced analytics within IGA solutions to enhance risk detection, access recommendations, certification efficiency, and entitlement rationalization.
• Use IGA controls to protect AI systems and workloads, ensuring proper identity lifecycle governance, least privilege access, model/service ownership controls, and auditable access to AI platforms and data.
• Act as a technical authority and design partner to Security Architecture, IAM Governance, Infrastructure, and Application teams to define end‑to‑end identity and access solutions.
• Design and implement complex integrations with applications, data platforms, AI services, and infrastructure using REST APIs, connectors, SCIM, flat files, and event messaging.
• Develop and maintain custom IGA extensions including rules, workflows, transforms, and integrations using Java, BeanShell, Python, and scripting technologies.
• Lead access model design and optimization, including RBAC/ABAC strategies, entitlement consolidation, token bloat reduction, and least‑privilege enforcement.
• Provide senior technical leadership for IGA upgrades, cloud migrations, platform enhancements, and security remediation initiatives.
• Partner with audit, risk, and compliance teams to ensure alignment with security controls and regulatory requirements (e.g., SOX, SOC), proactively identifying and remediating gaps.
• Collaborate with Scrum Masters, Product Owners, and Project Managers to deliver solutions through Agile / SAFe execution models from design through production.
• Provide cross‑IAM support and guidance, collaborating with teams responsible for LDAP, Active Directory, SSO/federation, and Privileged Access Management (PAM) tools.
• Produce and own technical architecture documentation, standards, and operational runbooks, and mentor junior engineers to raise overall team capability.
• Contribute to the IAM and IGA strategy and roadmap, including future‑state capabilities for cloud identity, AI‑driven governance, and integrated IAM platforms.

What you have

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, or a related technical field (or equivalent practical experience).
• 6+ years of experience in Identity & Access Management, with strong depth in Identity Governance & Administration (IGA).
• Hands‑on experience with enterprise IGA platforms (e.g., SailPoint or equivalent), including lifecycle management, access requests, certifications, and policy enforcement.
• Proven experience delivering large‑scale IGA implementations, cloud migrations, upgrades, and complex customizations in enterprise environments.
• Strong development and automation experience with Java/J2EE, BeanShell, Python, REST APIs, and scripting languages.
• Experience integrating IGA solutions across LDAP/Active Directory, SSO/Federation platforms, cloud services, data platforms, and PAM tools.
• Solid understanding of identity governance principles: RBAC/ABAC, SoD, least privilege, entitlement lifecycle management, and access certification frameworks.
• Experience driving automation and AI‑enabled capabilities within IAM or security platforms (analytics, recommendation engines, workflow optimization).
• Working knowledge of cloud identity architectures and standards (SCIM, OAuth2, OIDC, SAML).
• Experience operating in Agile / SAFe environments, with proficiency in tools such as Jira and Confluence.
• Strong ability to translate business, security, compliance, and AI platform requirements into scalable IGA technical solutions.
• Excellent written and verbal communication skills, with the ability to influence technical and non‑technical stakeholders.
• Self‑directed, highly organized, and able to manage multiple priorities in a complex, regulated environment.

Preferred Qualifications

• Security or IAM certifications such as CISSP, CISM, SailPoint certification, or equivalent.
• Experience integrating IGA with Privileged Access Management (PAM) solutions.
• Exposure to governing access to AI/ML platforms, data pipelines, or automation services.

What you are good at

What you have

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, or a related technical field (or equivalent practical experience).
• 6+ years of experience in Identity & Access Management, with strong depth in Identity Governance & Administration (IGA).
• Hands‑on experience with enterprise IGA platforms (e.g., SailPoint or equivalent), including lifecycle management, access requests, certifications, and policy enforcement.
• Proven experience delivering large‑scale IGA implementations, cloud migrations, upgrades, and complex customizations in enterprise environments.
• Strong development and automation experience with Java/J2EE, BeanShell, Python, REST APIs, and scripting languages.
• Experience integrating IGA solutions across LDAP/Active Directory, SSO/Federation platforms, cloud services, data platforms, and PAM tools.
• Solid understanding of identity governance principles: RBAC/ABAC, SoD, least privilege, entitlement lifecycle management, and access certification frameworks.
• Experience driving automation and AI‑enabled capabilities within IAM or security platforms (analytics, recommendation engines, workflow optimization).
• Working knowledge of cloud identity architectures and standards (SCIM, OAuth2, OIDC, SAML).
• Experience operating in Agile / SAFe environments, with proficiency in tools such as Jira and Confluence.
• Strong ability to translate business, security, compliance, and AI platform requirements into scalable IGA technical solutions.
• Excellent written and verbal communication skills, with the ability to influence technical and non‑technical stakeholders.
• Self‑directed, highly organized, and able to manage multiple priorities in a complex, regulated environment.

Preferred Qualifications

• Security or IAM certifications such as CISSP, CISM, SailPoint certification, or equivalent.
• Experience integrating IGA with Privileged Access Management (PAM) solutions.
• Exposure to governing access to AI/ML platforms, data pipelines, or automation services.