Job Title: Lead IAM Engineer
Location: Hybrid, Cherry Creek, CO (Onsite interview required)
Duration: 6+ Months Contract
Overview:
We are seeking a Lead IAM Engineer to design and implement a brand-new Identity and Access Management (IAM) setup for a new investment application. This role requires an expert who can build IAM solutions from the ground up using SailPoint, with strong experience in Azure AD, PIM/PAM, and automation scripting. The ideal candidate will bring both deep technical expertise and strong leadership skills to define best practices, guide strategy, and engage with senior leadership, including CISO-level visibility.
Key Responsibilities:
- Lead the end-to-end setup and configuration of a new IAM environment using SailPoint.
- Design and implement user account provisioning, access governance, and security role structures.
- Manage Privileged Identity Management (PIM) and Privileged Access Management (PAM) setups and controls.
- Configure and optimize Azure AD components, including conditional access, MFA, nested groups, and advanced group management.
- Develop and maintain automation scripts using PowerShell, SQL, and Java/BeanShell for IAM operations.
- Integrate IAM systems with ServiceNow, APIs, and enterprise data sources for seamless provisioning and de-provisioning.
- Ensure alignment with audit and compliance frameworks such as SOX and ISAE.
- Act as a Subject Matter Expert (SME) to define IAM roadmaps, recommend best practices, and present technical solutions to leadership teams.
Required Skills & Experience:
- 7+ years of hands-on IAM engineering experience, with at least 3 years in a lead or architect role.
- Proven expertise with SailPoint IdentityIQ (design, implementation, and integrations).
- Strong understanding of Azure AD security controls and access management.
- Deep technical experience with PIM/PAM rollout, governance, and privileged account management.
- Advanced PowerShell scripting skills; additional experience with SQL and Java/BeanShell preferred.
- Familiarity with ServiceNow integration, API-based provisioning, and data mapping.
- Solid knowledge of audit/compliance processes and IAM-related regulatory requirements.
- Excellent communication, leadership, and documentation skills.