Identity Governance Jobs (NOW HIRING)

We are UMG, the Universal Music Group. We are the world's leading music company. In everything we do, we are committed to artistry, innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music, music publishing, merchandising, and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters, and we produce, distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

Job Summary

We are currently seeking an Identity & Access Management Engineer with specialization inIdentity Governance & Administration (IGA)to join UMG's global Tech Security & Identity organization. Reporting to the VP, Tech Security & Identity, this is a hands-on engineering role responsible for designing, implementing, andoperatingenterprise IGA capabilities across a complex, global environment.

This engineer will play a critical role in governing digital identities, access entitlements, and lifecycle processes for employees, contractors, and non-employee populations. The role emphasizes strong engineering execution, automation, and operational discipline, partnering closely with security, HR, infrastructure, and application teams to ensure access is provisioned appropriately, reviewed regularly, and removedin a timely manner. The ideal candidate brings deep experience with modern IGA platforms,strongunderstanding of access governance controls, and the ability tooperateat scale in a regulated enterprise.

Job Functions

Design, engineer, deploy, andoperateIdentity Governance & Administration (IGA) solutions across the enterprise.

Implement and manage identity lifecycle processes including joiner, mover, and leaver (JML) workflows for employees and non-employee identities.

Engineer andmaintainaccessrequest, approval, and provisioning workflows integrated with HR systems, directories, and enterprise applications.

Design andoperateaccess governance controls including role models, entitlement catalogs, access certifications, and periodic access reviews.

Partner with application owners and platform teams to onboard applications into IGA and remediate access governance gaps.

Develop andmaintainautomation and integrations for IGA workflows using scripting, APIs, and infrastructure-as-code approaches (e.g., PowerShell, Python).

Support segregation of duties (SoD) controls, access policy enforcement, and audit readiness activities.

Troubleshoot and resolve complex identity lifecycle, provisioning, and access-related issues across integrated systems.

Collaborate with Security, HR, Compliance, and Infrastructure teams to ensure identity governance controls align with security policies and regulatory requirements.

Maintain technical documentation, configuration standards, and operational runbooks to support scalable and repeatable IGA operations.

Continuouslyidentifyopportunities to improve access governance maturity, reduce manual effort, and enhance user experience through automation and platform enhancements.

Job Requirements

Essential Qualifications

5+ years of hands-on experience in Identity & Access Management or Security Engineering roles, with a strong focus on Identity Governance & Administration.

Demonstrated experience implementing and operating enterprise IGA platforms (e.g., Saviynt, SailPoint, or equivalent).

Strong understanding of identity lifecycle management, access provisioning, role-based access control (RBAC), and entitlement governance.

Hands-on experience designing and supportingaccesscertification campaigns and remediation processes.

Experience integrating IGA solutions with HR systems, Active Directory / Entra ID, and enterprise applications.

Proficiencyin scripting and automation using tools such as PowerShell or Python.

Experience working in hybrid and cloud environments (Azure and/or AWS) with IAM integrations.

Ability to independently own complex technical deliverables while collaborating effectively within a global organization.

Strong troubleshooting, documentation, and communication skills.

Desirable Qualifications

Bachelor's degree in Computer Science, Information Security, Engineering, ora relatedtechnical discipline.

Experience with advanced IGA capabilities such as role mining, access analytics, or policy-based provisioning.

Familiarity with compliance and audit frameworks such as SOX, ISO 27001, NIST, or similar.

Professional certifications such as Saviynt Certified Professional, SailPoint CertifiedIdentityIQEngineer, Security+, or CISSP.

Experience operating IAM or identity governance platforms within a large, global, or highly regulated enterprise environment.

Perks Playlist:

Join an entrepreneurial, global organization where authenticity, boldness, creativity, connection, drive, and insight aren't just values-they're how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

• Comprehensive medical, dental, and vision coverage

• Including 100% coverage for out-patient in-network mental health services

• Fertility coverage for eligible medical plan participants

• Wellbeing reimbursements for fitness classes, spa treatments, meal services, travel, and so much more (up to $720/year)

• Student Loan Repayment Assistance and Tuition Reimbursement

• 401(k) with 100% immediate vesting on the first 5% of your contributions, plus an additional UMG contribution

A variety of ways to prioritize much-needed time away from work including:

• Flexible Paid Time Off (PTO) for exempt employees

• 3-weeks PTO for non-exempt employees

• 2-weeks paid Winter Break

• 10 Company Holidays (including Juneteenth and Wellbeing Day)

• Summer Fridays (between Memorial Day and Labor Day)

• Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.
Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama, Arizona, Georgia, Mississippi, North Carolina, South Carolina, Tennessee, and Utah.

Please note, UMG is not enrolled in E-Verify in California and New York, and cannot support employment of candidates whose employer must enroll in E-Verify, for example candidates on STEM-OPT.

For more information, please click on the following links.

E-Verify Participation Poster:English / Spanish

E-Verify Right to Work Poster:English|Spanish

Salary Range:

The actual base salary offered depends on a variety of factors, which may include, as applicable, the qualifications of the individual applicant for the position, years of relevant experience, specific and unique skills, level of education attained, certifications or other professional licenses held, and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.