Job Description

About us

With over 200 brands sold in nearly 180 countries, we’re the world’s leading premium drinks company. From global icons like Johnnie Walker, Guinness and Tanqueray to Smirnoff and Don Julio, we create brands consumers love. Bring your passion and use your curiosity as you explore, collaborate and innovate. Together with passionate people from all over the world, you’ll test new ideas, learn and grow, and unlock a brighter, more exciting future.

Join us to create a career worth celebrating.

About the Function:

Our Digital and Technology (D&T) team are innovators, delivering ground-breaking solutions that will help shape the future of our iconic brands. Technology touches every part of our business, from the sourcing of sustainable ingredients to marketing and development of our online platforms. ​​We utilise data insights to build competitive advantage, supporting our people to deliver value faster.

Our D&T team includes some of the most dedicated digital professionals in the industry. Every day, we come together to push boundaries and innovate, shaping the digital solutions of tomorrow. Whatever your passion, we’ll help you become the best you can be, creating career-defining work and delivering breakthrough thinking.

About the role:

Diageo Digital & Technology (D&T) is a multi-functional global shared services function built to drive effectiveness and efficiency across our core operations and achieve our efficiency goals. We fuel growth for our markets through a focus on new capabilities, consistent, common, and available analytics, and data, and equipping our markets and functions through integrated solutions.

The IAM Specialist is responsible for engineering, administration, governance, and continuous improvement of enterprise identity and privileged access services, with deep technical ownership across Saviynt CPAM, Microsoft Entra-ID and Azure RBAC. The role combines operational excellence with platform enhancement, ensuring secure user lifecycle management, privileged access governance, application onboarding, strong authentication, and compliant access controls across cloud and hybrid environments.

Within Digital & Technology, the Identity & Access Management function secures access to business-critical applications, directories, privileged roles, and digital identities across the enterprise. This role partners closely with security, infrastructure, application teams, HR, service providers, and business stakeholders to design, implement, support, and optimize identity services that are resilient, scalable, and audit ready.

Dimensions:

a) Financial

b) Technical Experience

• 4+ years of relavant experience in Identity and Access Management, with strong exposure to enterprise IAM operations, engineering, and governance.
• Deep hands-on expertise in Saviynt CPAM capabilities, workflow management, RBAC, certifications, access policies, application onboarding, reporting, and operational troubleshooting.
• Hands-on experience with Microsoft Graph API, REST APIs, JSON, PowerShell, KQL, and related automation techniques.
• Strong technical knowledge of Microsoft Entra ID / Azure Active Directory and hybrid Active Directory environments.
• Experience with Entra capabilities including SSO, MFA, conditional access, PIM, access reviews, identity protection, app registrations, federation, and hybrid identity.
• Knowledge of authentication and authorization standards such as SAML, OAuth, OpenID Connect, LDAP, APIs, Reverse proxy / Entra-ID application proxy and modern identity federation patterns.
• Experience with core Azure Identity management capabilities like Conditional Access Policy & IDP federation
• Passwordless, MFA, Windows Hello for Business, Passkey
• Azure role-based access control (Azure RBAC) & Privileged identity management (PIM)
• Security monitoring, alerts, & machine learning-based reports
• Strong problem-solving and analytical skills, with the ability to translate business requirements into technical specifications and execute technical deliveries effectively.

c) Accountabilities

1. Saviynt CPAM

· Manage day-to-day administration, configuration, support, and optimization of Saviynt CPAM solutions with emphasis on privileged access governance, identity governance, and access lifecycle controls.

· Configure and maintain request workflows, approval workflows, role models, technical rules, email templates, Sav4Sav jobs, and entitlement structures.

· Integrate CPAM with Server, Cloud platform, DB and onboarding activities within Saviynt CPAM, including connectors, access models, policy configuration, and workflow integration.

· Support periodic upgrades, patching, release validation, and defect resolution to maintain platform reliability and performance.

· Configure vaulting, session monitoring, and credential rotation.

2. Privileged Access Governance and Compliance

· Design and implement access governance controls for privileged and high-risk access, aligned with least privilege, segregation of duties, and audit requirements on basis of least privilege and Zero Trust principles.

· Configure Just-In-Time (JIT) and eligible vs active access models.

· Define and manage Privileged roles, Emergency access (break-glass), Access request and approval workflows.

· Drive certification campaigns, access reviews, entitlement recertification, and policy attestation activities across privileged and non-privileged access domains.

· Produce operational and compliance evidence, dashboards, and risk insights required for internal audit, external audit, and security assurance activities.

3. Microsoft Entra and Hybrid Identity Engineering

· Administer Microsoft Entra ID and related hybrid identity services, including enterprise applications, app registrations, Graph API permissions, identity protection, access reviews, and lifecycle governance.

· Implement and support secure authentication and federation capabilities using SAML, OAuth, OpenID Connect, WS-Federation, MFA, conditional access, and Single Sign-On.

· Manage Entra Connect synchronization, hybrid identity configurations, cloud object lifecycle, and troubleshooting across connected systems.

· Support Entra Privileged Identity Management (PIM), B2B/B2C requirements, device registration, and policy enforcement aligned with enterprise security standards.

4. Automation, Integration, and Service Improvement

· Integrate CPAM with Saviynt IGA platform for end-to-end lifecycle

· Identify and implement automation opportunities to reduce manual provisioning effort, improve request turnaround times, and strengthen control effectiveness.

· Support integrations using REST APIs, Connectors (AD, Azure, DB, Cloud) JSON, Microsoft Graph API, and scripting tools such as PowerShell and KQL.

· Collaborate with engineering teams and vendors to assess design gaps, prioritize enhancements, and improve the end-to-end IAM service experience.

5.Operational Support and Stakeholder Management

· Act as a Specialist for Saviynt CPAM and Microsoft Entra related incidents, service requests, improvements, and technical guidance.

· Work effectively with global stakeholders across security, infrastructure, application teams, vendors, and managed service partners.

· Maintain high-quality operational documentation, standards, support procedures, and knowledge articles to improve consistency and resilience.

Experience / skills required:

Specialist should have min 7 to 8 years of total experience in handling IAM technologies like - Azure Active Directory / Microsoft ENTRA-ID, PAM (Saviynt CPAM) with 3+ years with L3 exposure support.

· Bachelor’s degree in computer science, Information Security, Engineering, or a related technical discipline; equivalent practical experience may be considered.

· Proven experience in IAM operations and engineering with increasing responsibility in a global enterprise environment.

· Relevant certifications preferred, including SC-300: Microsoft Identity and Access Administrator. Saviynt product certifications and ITIL knowledge are advantageous.

Flexibility is key to our success. Talk to us about what flexibility means to you, so that you’re supported to manage your wellbeing and balance your priorities from day one.

We recognise and value performance, offering our people a highly competitive Rewards and Benefits package including:

Our purpose is to celebrate life, every day, everywhere. And creating an inclusive culture, where everyone feels valued and that they can belong, is a crucial part of this.

We embrace diversity in the broadest possible sense. This means that you’ll be welcomed and celebrated for who you are just by being you. You’ll be part of and help build and champion an inclusive culture that celebrates people of different gender, ethnicity, ability, age, sexual orientation, social class, educational backgrounds, experiences, mindsets, and more.

Our ambition is to create the best performing, most trusted and respected consumer products companies in the world. Join us and help transform our business as we take our brands to new heights and build new ones as part of shaping the next generation of celebrations for consumers around the world.

Feel inspired? Then this may be the opportunity for you.

If you require a reasonable adjustment, please ensure that you capture this information when you submit your application.

Recruitment Scam Warning

Protecting candidates is very important to us. All communications regarding your application will come from an email address ending in @diageo.com. In our recruitment process, we'll never ask for money.

Regular

Bangalore Karle Town SEZ

2026-05-27