TC-CS-IAM-RSA Implementation-Manager

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

RSA Implementation:

As a Senior Developer, you will lead connector development, workflow orchestration, and application onboarding within RSA Identity Governance & Lifecycle (IGL / RSA Via). You’ll build scalable integrations to enterprise and cloud systems, design approval and provisioning workflows, optimize collections and certifications, and enforce governance policies (RBAC/SoD) across complex environments.

Key Responsibilities

Connector Development (AFX & Custom Integrations)

• Design, develop, and maintain provisioning and deprovisioning connectors using AFX (Aveksa Fulfillment Express), including:
• Out-of-the-box (OOTB) connectors: AD/LDAP, Databases (JDBC), SAP, ServiceNow, Azure AD, AWS, G Suite, O365.
• Web Service connectors: REST/SOAP with OAuth2/JWT/API keys.
• Scripting-based connectors: PowerShell, SSH, Unix shell, Python for on-prem targets.
  

Build Collectors for data aggregation (accounts, groups, entitlements) from applications using:

• JDBC (Oracle, SQL Server, MySQL), LDAP, Flat files/SFTP, REST APIs.
• Implement attribute mappings, transformation rules, and correlation logic (user-to-account, multi-attribute matching, fuzzy logic as needed).
• Handle delta/ incremental collections, error handling, retries, and idempotency.
• Secure credentials and secrets via vaulting or platform key stores; apply least-privilege for connector service accounts.
• Performance tune connectors: paging, throttling, parallelism, connection pooling, and API rate-limit strategies.
• Document runbooks, deployment steps, and rollback procedures.
• Workflow Design & Orchestration
  

Build business workflows for:

• Joiner–Mover–Leaver (JML) lifecycle automation.
• Access requests / approvals (multi-level, manager/owner/risk-based).
• Provisioning workflows with branching (success, failure, rollback, re-try).
• Emergency access (firefighter) requests with time-bound access and post-use review.
• Configure Change Request (CR) rules, rule sets, and task handlers.
• Implement dynamic approval routing (manager DAC, entitlement owner, application owner, SoD compensating control approvers).
• Integrate with ticketing/ITSM (ServiceNow/Jira) for fulfillment tasks and status sync.
• Add notifications/SLAs (reminders, escalations, auto-approvals/auto-revokes with justification capture).
• Ensure auditable trails: request provenance, approver comments, task logs, and evidence.
  
  

Application Onboarding & Governance

• Drive end-to-end onboarding: authoritative sources, applications, accounts, entitlements, ownership, and risk scoring.
• Establish role models (enterprise roles, IT roles), entitlement catalogs, and birthright access.
• Define and maintain SoD policies (conflict matrices, rule libraries), exception workflows, and compensating controls.
• Configure and run Access Certification Campaigns (manager, app owner, role owner, SoD remediation).
• Implement data quality checks: orphan accounts, toxic combinations, excessive privilege detection.
  

Operations, Hardening & Performance

• Schedule collections, provisions, certifications; monitor job queues and AFX tasks.
• Patch and upgrade RSA IGL components; validate customizations post-upgrade.
• Implement backup/restore, DR, and high availability patterns.
• Deliver KPIs: request SLA adherence, provisioning success rate, collection freshness, certification completion %, SoD violations trend.
  

Day to Day Deliverables

• Connector specification (interfaces, auth, payloads, mappings, error taxonomy).
• Workflow definitions (BPM diagrams, approver logic, SLAs, escalation paths).
• Data model mapping (source → person → account → entitlement).
• Test assets: unit tests for scripts, UAT scenarios, negative tests, performance tests.
• Deployment artifacts: packages, encryption keys, environment configs.
• Operational documentation and handover runbooks.
  

Technical Stack & Environment

• RSA IGL Core: Lifecycle, Governance, Access Requests, Certifications, Policies, AFX, Collectors.
• Programming/Scripting: Java, Groovy (where applicable), PowerShell, Python, Bash.
• Integrations: REST/JSON, SOAP/XML, JDBC, LDAP, SFTP, OAuth2/OIDC/SAML.
• Databases: Oracle / SQL Server (schema tuning, indexes, partitioning guidance).
• Infra/App Server: Linux-based deployment; JBoss/WildFly/WebLogic (as per customer stack).
• Directories/Clouds: AD/LDAP, Entra ID (Azure AD), Okta (as target/peer), AWS IAM, GCP, SAP.
  

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.