Rekrute -
Morocco

Job details


Company culture:

DXC – CDG stands out for a culture strongly focused on performance and competitiveness, where ambition, challenge and customer orientation shape priorities. This dynamic is balanced by a collaborative culture, fostering trust, empowerment and close managerial support. It also integrates an innovation dimension, encouraging initiative, adaptability and experimentation. Finally, a well-established organizational culture provides structure, ensuring process rigor, reliability and operational efficiency.





Job:


IAM/IAG Architecture & Design





  • Define and evolve the company's Identity architecture: governance model, identity lifecycle, strong authentication strategy (MFA, passwordless).

  • Design identity federation schemas between repositories (AD, HR, SCIM) and SailPoint, Entra ID, and Okta platforms.

  • Develop role models (RBAC / ABAC), separation of duties (SoD) policies, and authorization matrices.

  • Produce architecture documents (DAT, DAF), contribute to security reviews and architecture committees.

  • Define the SSO strategy and authentication flows (SAML 2.0, OpenID Connect, OAuth 2.0) for business and SaaS applications.





Integration & Deployment




Serve as the reference expert for at least one of the following technologies:






  • SailPoint IdentityNow / IdentityIQ: connectors, certification workflows, provisioning, joiner/leaver/mover policy.


  • Microsoft Entra ID (Azure AD): Conditional Access, PIM (Privileged Identity Management), Entra ID Governance, B2B/B2C access, Verified ID.


  • Okta: Universal Directory, Lifecycle Management, Okta Workflows, OIN integration, application management, Okta Identity Governance.

  • Automate joiner / mover / leaver processes via SCIM connectors, REST APIs, and provisioning rules.

  • Integrate IAM solutions with ITSM (ServiceNow), SIEM (Splunk, Microsoft Sentinel) tools, and HR directories (Workday, SAP HCM).

  • Manage cloud-native integrations: AWS IAM Identity Center, Azure RBAC, GCP IAM, in line with the overall IAM strategy.





Identity & Access Governance (IAG)





  • Implement and operate access review and certification campaigns for all populations (internal, contractors, service accounts).

  • Manage access request processes, approvals, and provisioning through the IAM service catalog.

  • Design and maintain application and enterprise role models (RBAC / Role Mining) with business teams and application owners.

  • Track SoD policy violations, produce exception reports, and ensure their resolution within defined deadlines.

  • Contribute to the definition of authorization policies and support business teams in adopting governance tools.





Operational Run & Management





  • Write and maintain IAM policies, onboarding/offboarding procedures, and operational runbooks.

  • Actively monitor threats related to identities (credential stuffing, account takeover, privilege escalation) and new vendor features.

  • Ensure the operational maintenance (MCO) and security maintenance (MCS) of IAM/IAG platforms.

  • Manage Level 2/3 incidents related to authentication, failed provisioning, and denied access, in coordination with support teams and vendors.

  • Monitor performance and security indicators (KPI/KRI): automated provisioning rate, revocation times, certification coverage.

  • Manage version upgrades, security patches, and configuration changes in accordance with change management processes.

  • Coach and support L1/L2 teams on the technical and functional aspects of IAM platforms.




Required profile:


Technical Skills 






  • SailPoint IdentityNow and/or IdentityIQ: connectors, BeanShell/Java rules, workflows, certification, role management, provisioning policies.


  • Microsoft Entra ID / Azure AD: Conditional Access, PIM, SSPR, Entra ID Governance, Application Proxy, External Identities.


  • Okta: Universal Directory, Lifecycle Management, Okta Workflows (no-code / low-code), Okta Identity Governance, API Access Management.

  • Strong knowledge of identity protocols: SAML 2.0, OAuth 2.0, OpenID Connect, SCIM 2.0, Kerberos, LDAP/LDAPS.

  • Experience with enterprise directories: Active Directory (on-prem), Azure AD Connect / Cloud Sync, LDAP.

  • Proficiency in cloud environments: Azure, AWS (IAM Identity Center, IAM Roles), GCP; knowledge of hybrid and multi-cloud architectures.

  • Scripting skills for automation: PowerShell, Python, and/or connector development (Java, REST APIs).

  • Knowledge of complementary solutions is a plus: CyberArk (PAM), Ping Identity, ForgeRock, HashiCorp Vault.



Soft Skills 





  • Ability to lead functional scoping workshops with business units, IT, and Security departments.

  • Aptitude for producing quality deliverables: architecture documents, functional specifications, training materials.

  • Pedagogical skills to support business teams in adopting access governance tools.

  • Autonomy, rigor, and ability to manage multiple projects in parallel within a complex corporate environment.

  • Good communication skills with diverse stakeholders: CISO, DPO, auditors, IT and business teams.



Education & Certifications 





  • Master's degree (Bac+5) in IT, cybersecurity, information systems, or equivalent.


  • At least one of the following technologies: SailPoint Certified IdentityNow Engineer, SC-300 (Microsoft Identity & Access Administrator), Okta Certified Professional / Administrator.

  • Valued security certifications: CISSP, CISM, or equivalent.

  • Cloud certifications are a plus: AZ-500, AWS Security Specialty, GCP Professional Cloud Security Engineer.



Languages





  • French: Fluent.

  • English: Fluent — technical document writing, workshop facilitation, and regular communication with international teams and vendors.


