We are currently seeking an Identity & Access Management Engineer with specialization in Identity Governance & Administration (IGA)to join UMG’s global Tech Security & Identity organization. Reporting to the VP, Tech Security & Identity, this is a hands-on engineering role responsible for designing, implementing, andoperatingenterprise IGA capabilities across a complex, global environment.
This engineer will play a critical role in governing digital identities, access entitlements, and lifecycle processes for employees, contractors, and non-employee populations. The role emphasizes strong engineering execution, automation, and operational discipline, partnering closely with security, HR, infrastructure, and application teams to ensure access is provisioned appropriately, reviewed regularly, and removedin a timely manner The ideal candidate brings deep experience with modern IGA platforms,strongunderstanding of access governance controls, and the ability tooperateat scale in a regulated enterprise.
Job Functions
Design, engineer, deploy, andoperateIdentity Governance & Administration (IGA) solutions across the enterprise.
Implement and manage identity lifecycle processes including joiner, mover, and leaver (JML) workflows for employees and non-employee identities.
Engineer andmaintainaccessrequest, approval, and provisioning workflows integrated with HR systems, directories, and enterprise applications.
Design andoperateaccess governance controls including role models, entitlement catalogs, access certifications, and periodic access reviews.
Partner with application owners and platform teams to onboard applications into IGA and remediate access governance gaps.
Develop andmaintainautomation and integrations for IGA workflows using scripting, APIs, and infrastructure-as-code approaches (e.g., PowerShell, Python).
Support segregation of duties (SoD) controls, access policy enforcement, and audit readiness activities.
Troubleshoot and resolve complex identity lifecycle, provisioning, and access-related issues across integrated systems.
Collaborate with Security, HR, Compliance, and Infrastructure teams to ensure identity governance controls align with security policies and regulatory requirements.
Maintain technical documentation, configuration standards, and operational runbooks to support scalable and repeatable IGA operations.
Continuouslyidentifyopportunities to improve access governance maturity, reduce manual effort, and enhance user experience through automation and platform enhancements.
Job Requirements
Essential Qualifications
5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, with a strong focus on Identity Governance & Administration.
Demonstrated experience implementing and operating enterprise IGA platforms (e.g., Saviynt, SailPoint, or equivalent).
Strong understanding of identity lifecycle management, access provisioning, role-based access control (RBAC), and entitlement governance.
Hands-on experience designing and supportingaccesscertification campaigns and remediation processes.
Experience integrating IGA solutions with HR systems, Active Directory / Entra ID, and enterprise applications.
Proficiencyin scripting and automation using tools such as PowerShell or Python.
Experience working in hybrid and cloud environments (Azure and/or AWS) with IAM integrations.
Ability to independently own complex technical deliverables while collaborating effectively within a global organization.
Strong troubleshooting, documentation, and communication skills
Desirable Qualifications
Bachelor’s degree in Computer Science, Information Security, Engineering, ora relatedtechnical discipline.
Experience with advanced IGA capabilities such as role mining, access analytics, or policy-based provisioning.
Familiarity with compliance and audit frameworks such as SOX, ISO 27001, NIST, or similar.
Professional certifications such as Saviynt Certified Professional, SailPoint CertifiedIdentityIQEngineer, Security+, or CISSP.
Experience operating IAM or identity governance platforms within a large, global, or highly regulated enterprise environment.
Universal Music Group is an Equal Opportunity Employer.
Diversity & Inclusion
At Universal Music we are committed to fostering diversity and inclusivity as an equal opportunity employer. We encourage applicants from all backgrounds to apply for our roles regardless of their gender, race, ethnicity, nationality, age, sexual orientation, gender identity, intersex status, marital or family status, neurodiversity, religion or belief, disabilities, or socio-economic background. We also encourage people from all cultural backgrounds to apply, including First Nations people. It is through our diversity and inclusivity that we bring together different perspectives, enhancing our creative and evolving workplace. Music is Universal.
Disclaimer
The company presents this job description as a guide to the major areas and duties for which the jobholder isaccountableHowever, the businessoperatesin an environment that demandschangeand the jobholder's specific responsibilities and activities will vary and develop. Therefore, the job description should be seen as indicative and not as a permanent,definitiveand exhaustive statement.
Technology
Universal Music Group (UMG) is the world leader in music-based entertainment, with a broad array of businesses engaged in recorded music, music publishing, merchandising and audiovisual content in more than 60 countries. Featuring the most comprehensive catalog of recordings and songs across every musical genre, UMG identifies and develops artists and produces and distributes the most critically acclaimed and commercially successful music in the world. Committed to artistry, innovation and entrepreneurship, UMG fosters the development of services, platforms and business models in order to broaden artistic and commercial opportunities for our artists and create new experiences for fans.
Universal Music Group's labels include A&M Records, Astralwerks, Blue Note Records, Capitol Christian Music Group, Capitol Records, Capitol Records Nashville, Caroline, Decca, Def Jam Recordings, Deutsche Grammophon, Disa, Emarcy, EMI Records Nashville, Fonovisa, Geffen Records, Harvest, Interscope Records, Island Records, Machete Music, MCA Nashville, Mercury Nashville, Mercury Records, Motown Records, Polydor Records, Republic Records, Universal Music Latino, Verve Label Group, Virgin Records, Virgin EMI Records, as well as a multitude of record labels owned or distributed by its record company subsidiaries around the world. UMG's catalog is marketed through two distinct divisions, Universal Music Enterprises (in the U.S.) and Universal Strategic Marketing (outside the U.S.).
UMG also includes Universal Music Publishing Group, one of the industry's premier music publishing operations worldwide and Bravado, the leading provider of consumer, lifestyle and branding services to recording artists and entertainment brands around the world. Universal Music Group is a Vivendi company.
Find out more at: http://www.universalmusic.com.
View our current career opportunities at: http://www.umusiccareers.com
