Join our team at AMGEN Capability Center Portugal, the #1 company in Best Workplaces™(201–500 employees' category) in Portugal in 2024 by the Great Place to Work Institute. With over 500talented individuals from more than 40 nationalities, our Lisbon center thrives at the intersection of innovation, excellence, and inspiration. This is your opportunity to explore the future of healthcare through technology and digital innovation, supporting our mission To Serve Patients.

What you will do

• Design and implement comprehensive identity provisioning workflows for users, systems, and applications
• Develop standardized models to support joiner/mover/leaver processes
• Ensure solutions are scalable, secure, and compliant with internal policies and external regulations
• Provide technical and governance oversight across all provisioning projects, acting as the lead architect from analysis through delivery
• Lead the development and continuous improvement of RBAC models, including role mining, engineering, and lifecycle management
• Define and manage identity governance policies, including access reviews, certifications, and entitlement management
• Integrate governance frameworks with provisioning and access control mechanisms
• Manage access reviews and certifications, enforce Segregation of Duties (SoD) controls, and ensure audit readiness
• Support governance reporting, compliance audits, and risk assessments
• Define response and remediation procedures for identity-related issues
• Collaborate with infrastructure and application teams to integrate IAM tools with enterprise systems
• Automate provisioning and deprovisioning tasks using scripting and workflow tools to enhance efficiency
• Provide strategic direction and technical leadership in provisioning architecture
• Promote best practices in access control, least privilege, and zero trust principles
• Partner with stakeholders across security, compliance, HR, and IT to align provisioning capabilities with business objectives

What we expect of you

• Holds a relevant degree and has deep expertise in identity provisioning across hybrid environments
• Experienced in IAM architecture, including RBAC, ABAC, and policy-driven access models
• Proficient in directory services (Active Directory, LDAP) and account reconciliation
• Skilled in IAM tools (e.g. SailPoint, CyberArk, Okta, ForgeRock, Microsoft Entra ID) and protocols (SAML, OAuth, SCIM)
• Familiar with automation scripting (PowerShell, Python) and workflow tools
• Understands compliance frameworks (SOX, GxP) and has experience with audits and risk assessments
• Strong communicator with excellent documentation and stakeholder management skills
• Holds relevant certifications (e.g. CIAM, CISSP) and has exposure to CIEM, PAM, or IGA platforms
• Experienced in cloud-based access governance (AWS, Azure, GCP)
• Demonstrates strong analytical, troubleshooting, and problem-solving abilities
• Available for rotational on-call duties during evenings and weekends

Must-Have Skills

• IAM architecture
• RBAC and ABAC models
• Directory services (Active Directory, LDAP)
• Account reconciliation
• IAM tools (SailPoint, CyberArk, Okta, ForgeRock, Microsoft Entra ID)
• Protocols (SAML, OAuth, SCIM)
• Automation scripting (PowerShell, Python)
• Workflow tools
• Compliance frameworks (SOX, GxP)
• Audits and risk assessments
• Documentation and stakeholder management
• Certifications (CIAM, CISSP)
• CIEM, PAM, IGA platforms
• Cloud-based access governance (AWS, Azure, GCP)
• Analytical, troubleshooting, and problem-solving

What you can expect of us

• Work That Matters – Build tech that accelerates scientific breakthroughs and helps patients worldwide
• Modern Tech Stack – Cloud-first, automation-focused, AI-powered
• Global Scale, Agile Mindset – Collaborate across continents while working in nimble, high-impact teams
• Continuous Learning – Access to certifications, trainings, mentorship, and career mobility
• AMGEN Total Rewards Plan – Comprehensive benefits in healthcare, finance, and well-being
• Flexibility – Hybrid work model with time split between our Lisbon office and remote work

Compensation

201–500