SailPoint Architect - IAM/IGA

About us:  

Passion for food. Hunger for tech. We make METRO digital.  

Today technology is driving the world. And at METRO.digital we are driving the technology for one of the leading international wholesalers specializing in food - METRO. From e-commerce to checkout, to delivery software, we work on a wide range of products to make each day a success for our customers and colleagues. With passion and ownership, we build the future of wholesale.   

You are driving to create smart solutions for customers around the globe? You want to grow in a flexible environment? Let the right career opportunity find you and join us!  

As a Senior IGA Architect specializing inSailPoint Identity Security Cloud (ISC), you will shape and advance the global identity governance architecture for METRO. You will drive the evolution of IGA as a foundational capability for security, compliance, and digital business enablement.

This role blendsstrategic architecture ownership with ahands‑on, delivery‑oriented mindset. You will define target architectures and standards, guide technical implementation, and support complex integrations across the enterprise. Your work ensures that architectural decisions are scalable, secure, and aligned with long‑term business and technology strategies.

You will design sustainable architectures for hybrid and cloud environments, ensure consistency across IGA initiatives, and translate strategic IAM/IGA roadmaps into actionable architectural patterns. Collaboration with Enterprise Architecture, Security, HR IT, Business Functions, and external partners is central to driving METRO’s global identity landscape forward.

Your Responsibilities

Strategy, Architecture & Governance

• Evolve and maintain the globalIGA/IAM architecture strategy, aligned with Enterprise Architecture and Security.
• Define architectural principles, standards, and target-state models for:
  • Identity Governance (SailPoint ISC)
  • Access Management (Entra ID)
  • Privileged Access Management (PAM)
• Design scalable, cloud‑ready IAM/IGA architectures for hybrid environments.
• Develop and maintain architectural blueprints, reference architectures, and technical guidelines.
• Ensure architectural consistency across programs, projects, and regional deployments.

Architectural Control & Integration

• Provide architectural leadership for IAM/IGA‑related initiatives, with a focus onSailPoint ISC integrations.
• Ensure adherence to architectural, security, and compliance standards.
• Evaluate new requirements for architectural fit, scalability, and governance impact.
• Support complex integrations (HR systems, directories, applications, PAM tools) from design through implementation.
• Oversee onboarding of new systems into the IGA ecosystem, including connector design, lifecycle automation, and policy enforcement.
• Assist with troubleshooting, root‑cause analysis, and technical decision‑making.
• Work closely with engineering teams to ensure sustainable, maintainable implementations.

Identity Governance & Business Alignment

• Advance identity governance models and access frameworks (RBAC, ABAC, business roles, access certifications).
• Support integration of IGA into business processes across the identity lifecycle (Joiner, Mover, Leaver).
• Incorporate regulatory requirements (SOX, ISO 27001, GDPR) and audit findings into architectural design.
• Ensure alignment between business needs, security requirements, and technical capabilities.

Stakeholder Management & Communication

• Advise IT, business stakeholders, and leadership on strategic IAM/IGA decisions.
• Conduct architectural reviews, design workshops, and technical deep dives.
• Communicate complex technical concepts clearly to non‑technical audiences.

Innovation & Continuous Improvement

• Evaluate emerging technologies, trends, and best practices in IGA.
• Develop architectural guidelines and reusable patterns for SailPoint ISC and Entra ID.
• Mentor engineers strengthen internal IAM/IGA capability.

What You Bring

Professional Background

• Degree in (Business) Informatics or equivalent qualifications
• 8+ years of experience in IAM/IGA
• Proven experience designing and implementingenterprise‑scale IGA solutions, ideally withSailPoint ISC or IdentityIQ.
• Strong understanding ofEntra ID, directory services, and identity lifecycle automation.
• Experience integrating complex enterprise systems into IGA platforms.
• Ability to alternate between high‑level architecture and hands‑on technical work.

Technical Skills

• Deep knowledge of IAM/IGA standards and protocols: AD, LDAP, SAML, OAuth, OIDC.
• Expertise withSailPoint ISC (or IIQ), including:
  • Identity lifecycle automation
  • Access request workflows
  • Role modeling
  • Connector frameworks
  • Policy and certification models
• Understanding modern cloud architecture (Azure, AWS, GCP).
• Familiarity with regulatory frameworks (SOX, ISO 27001, GDPR).

Nice to Have

• Experience with Zero Trust architecture.
• Manufacturer certifications (SailPoint, Microsoft, etc.).
• Experience in global transformation programs or international environments.
• Certifications such as CISSP, CISM, and CCSP.

Soft Skills

• Strong conceptual and analytical thinking.
• Ability to communicate complex topics clearly and structured.
• High degree of independence, ownership, and accountability.
• Team‑oriented, pragmatic, and solution‑driven working style.
• Excellent English skill

 Only include if they are going to be exclusive to IGA and not AM or PAM

 yes, they are only for IGA. There will be another architect for cross functional role

What kind of degree, and why was this one chosen over something like CS or Cyber?

General Bachelors degree. I don't think this is something that must relate to cyber security in general.

Which ones are you looking for? You have specific certs listed below, but not here where it would really matter.

Also, if this role is specific to SailPoint as indicated in the first paragraph, why bother with a MSFT cert.

Why are these nice to have if this is more of a technical role? This seems un-neede

Graduate OR Post Graduate