Life changing therapies. Global impact. Bridge to thousands of biopharma companies and their patients.

We are PCI. Our investment is in People who make an impact, drive progress and create a better tomorrow. Our strategy includes building teams across our global network to pioneer and shape the future of PCI.

Position Summary

The Identity & Access Engineer will own PCI Pharma's identity and access management (IAM) infrastructure, serving 6,500+ users across 16 global sites. This critical role addresses the current decentralized IAM risk by implementing centralized identity governance, Zero Trust access controls, and automated lifecycle management. The position is foundational to the organization's security posture and compliance with pharmaceutical regulations.

Key Responsibilities

• Design and implement enterprise IAM strategy aligned with Zero Trust architecture principles
• Manage Microsoft Entra ID (Azure AD) including conditional access policies, MFA enforcement, and identity protection
• Administer Active Directory across global domain including GPO management, OU structure, and replication monitoring
• Implement identity governance including access reviews, certification campaigns, and segregation of duties controls
• Automate user lifecycle management (joiner/mover/leaver) through integration with HR systems
• Design and implement Privileged Access Management (PAM) solutions for administrative accounts
• Develop role-based access control (RBAC) models aligned with job functions and least privilege principles
• Configure single sign-on (SSO) and federation for enterprise applications
• Implement identity monitoring and anomaly detection for compromised credential identification
• Support audit and compliance requirements including SOX, GxP, and 21 CFR Part 11 identity controls
• Create documentation including identity architecture diagrams, procedures, and runbooks
• Coordinate with SECURE team on identity-related incident response and threat mitigation

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field
• 5+ years of experience in identity and access management
• Expert-level knowledge of Microsoft Entra ID (Azure AD) and Active Directory
• Experience implementing conditional access policies and MFA solutions
• Strong understanding of identity protocols (SAML, OAuth, OIDC, Kerberos)
• Experience with identity governance and access certification processes
• Knowledge of Privileged Access Management concepts and tools
• PowerShell scripting proficiency for identity automation
• Understanding of Zero Trust security principles
• Experience in regulated industries with audit requirements

Preferred Qualifications

• Microsoft Certified: Identity and Access Administrator Associate
• Experience with identity governance platforms (SailPoint, Saviynt, or similar)
• Pharmaceutical industry experience with GxP compliance knowledge
• Experience with PAM solutions (CyberArk, BeyondTrust, or similar)
• Knowledge of SCIM provisioning and HR system integration
• SC-300 or AZ-500 Azure certification

Technical Skills & Tools

• Microsoft Entra ID (Azure AD)
• Active Directory (AD DS, AD CS, AD FS)
• Conditional Access and MFA
• PowerShell for identity management
• Group Policy Objects (GPO)
• SAML / OAuth / OIDC protocols
• Microsoft 365 identity features
• ServiceNow identity integration

Key Performance Indicators

• MFA adoption rate (target: 100% of users)
• Access review completion rate (target: 100% within SLA)
• Orphaned account remediation (target: