
Ujjaval Pandya

Chicago, IL

Summary

Dynamic Identity and Access Management (IAM) Lead Engineer with over 10 years of experience delivering enterprise-scale solutions utilizing SailPoint IdentityIQ, IdentityNow, Okta, Azure AD, and CyberArk. Expertise in end-to-end identity lifecycle automation, access certifications, role management, and privileged access governance ensures robust security frameworks aligned with compliance standards such as HIPAA, GDPR, and SOX. Proven track record in leading complex integrations and driving IAM initiatives while collaborating closely with CISOs and security teams to define strategies and build scalable identity controls. Technical proficiency includes Java, Python, REST APIs, and DevSecOps practices, enabling the modernization of identity programs and optimization of IAM platforms to meet evolving security needs.

Overview

10 years of professional experience
1 Certification

Work History

Senior IAM Engineer

Sentara Health
Chicago, IL
01.2024 - Current
  • Engineered and developed advanced SailPoint IdentityIQ solutions, including custom connectors, workflows, rules, and lifecycle events for over 50,000 users.
  • Engineered and refined LCM/LCI workflows, incorporating approval flows, SLA routing, risk scoring, and policy-driven access enforcement.
  • Assisted in building and deploying SailPoint IIQ connectors including web services, SCIM, JDBC, REST, and SAP HR using Java and PowerShell. Supported integration efforts with Active Directory, Azure AD/Entra, Okta, ServiceNow, CyberArk, and various multi-cloud platforms.
  • Oversaw production support for L2/L3 issues, addressing complex challenges such as provisioning failures, workflow interruptions, identity cube corruption, aggregation errors, and performance bottlenecks. Led root cause analysis initiatives and executed permanent solutions via ServiceNow protocols.
  • Assisted in implementing SailPoint solutions that comply with SOX, HIPAA, GDPR, ISO 27001, and NIST frameworks. Supported the enforcement of least privilege, role-based access control, attribute-based access control, and zero trust governance measures.
  • Spearheaded design and management of enterprise access certification campaigns, entitlement rationalization, and segregation of duties policy frameworks.
  • Assisted vendor support with urgent escalations related to SailPoint. Reviewed and confirmed patches, upgrades, and hotfixes prior to deployment in production environments.
  • Facilitated the creation of technical design documents and integration runbooks to enhance operational efficiency. Mentored junior engineers in coding standards and version control, fostering a culture of best practices in IIQ.

Senior IAM Engineer

MUFG Americas
09.2021 - 12.2023
  • Directed design and deployment of intricate SailPoint IIQ custom components, including connectors, workflows, rules, and policies, for enterprise-scale environments.
  • Engineered advanced Java classes, Beanshell scripts, and XML configurations to enhance IdentityIQ functionality.
  • Engineered seamless integrations between IIQ and SaaS/on-premises applications, including Azure AD, Okta, AWS, SAP HR systems, and CyberArk.
  • Developed and oversaw access certification policy violation remediation workflows, ensuring compliance governance with SOX, HIPAA, and GDPR standards.
  • Directed L3 production support to resolve escalated provisioning, entitlement sync, workflow execution, and role assignment failures.
  • Engineered scalable SailPoint IdentityNow solutions that align with enterprise cloud strategies and zero trust architecture.
  • Engineered custom IdentityNow connectors and workflows utilizing Java and Python.
  • Reviewed and approved code changes through GitLab and GitHub pipelines. Assisted junior engineers in developing skills and understanding best practices in software development.

Senior IAM Engineer

AIG
Texas
04.2018 - 09.2021
  • Designed, implemented, and optimized IdentityIQ solutions for identity lifecycle management, access governance, certification campaigns, and policy enforcement.
  • Developed custom workflows, provisioning rules, LCM events, SoD policies, Identity Refresh tasks, and escalation logic supporting enterprise identity operations.
  • Managed configuration of applications, connectors, aggregation tasks, provisioning policies, and managed attributes across enterprise systems including AD, Workday, SAP, Azure AD, CyberArk, and Okta.
  • Created and tuned Lifecycle Manager (LCM) processes (joiner, mover, and leaver flows), ensuring HR-driven automation and compliance.
  • Designed and built IdentityIQ rules including provisioning rules, certification rules, object rules, correlation rules, and transformation rules.
  • Developed and customized IdentityIQ workflows (access request, certification review, identity refresh, provisioning workflows) using Beanshell scripting and Java extensions.
  • Implemented approval flows, risk scoring models, advanced SLA routing, and policy-based access enforcement.
  • Built and deployed connectors (Active Directory, JDBC, Web Services, REST, SAP HR, Azure AD, SaaS applications) including schema discovery, entitlement aggregation, and provisioning.
  • Created custom connectors, provisioning adapters, and integration logic using Java, JDBC, PowerShell, and REST APIs.
  • Troubleshot provisioning failures, sync issues, and reconciliation logic, implementing data transformation to improve accuracy.
  • Delivered enterprise certification campaigns, access review programs, policy enforcement, SoD modeling, and supervisory attestation flows.
  • Developed detailed campaign templates, signer delegation logic, completion rules, and escalation policies aligned with audit frameworks.
  • Ensured compliance alignment with SOX, HIPAA, GDPR, and Zero Trust regulatory controls.
  • Designed and implemented RBAC models, access profiles, entitlements, segregation rules, and governance engines enabling least-privilege enforcement.
  • Performed entitlement rationalization, role mining, and access risk reduction initiatives that improved certification outcomes.
  • Developed custom Java extensions, rule scripts, LCM business logic, custom forms, task scripts, plugin modules, workflows, and UI customizations.
  • Built IdentityIQ plugin components automating provisioning triggers, certification remediation, and operational health monitoring.
  • Created reusable automation scripts to validate data integrity, perform mass updates, and improve admin efficiency.

IAM Engineer

CareFirst
Washington DC
09.2015 - 03.2018
  • Assisted in SailPoint IdentityIQ configuration, including basic workflows, policies, and certification campaigns, under supervision.
  • Developed simple Beanshell scripts and XML configurations to automate routine identity tasks.
  • Helped integrate IIQ with Active Directory and other basic target systems for account provisioning and reconciliation.
  • Documented processes, procedures, and system changes for knowledge management and audit purposes.
  • Designed and implemented custom IdentityIQ workflows, rules, and policies for automated identity lifecycle management.
  • Developed Java-based extensions and Beanshell scripts to support provisioning, reconciliation, and certification processes.
  • Integrated IIQ with REST/SOAP APIs, JDBC databases, and SaaS applications to streamline identity governance.
  • Configured and managed role-based access controls (RBAC) and role mining exercises.
  • Conducted code reviews, troubleshooting, and optimization for existing IIQ components.
  • Built reports and dashboards using SQL/Oracle queries to track access reviews, compliance, and provisioning metrics.

Education

Bachelor of Science - Computer Science

DeVry University

Skills

  • Identity & Access Management (IAM) Tools: SailPoint IdentityIQ (IIQ), SailPoint IdentityNow (IDN), SailPoint Identity Security Cloud (ISC), Saviynt, ForgeRock, Omada, Okta, Ping Identity, CyberArk, BeyondTrust, Azure AD, Active Directory, Keycloak, RSA SecurID, Silverfort
  • SailPoint Platforms & Modules: Identity Security Cloud (ISC), Lifecycle Manager (LCM), Access Request & Approvals, Identity Warehouse, Role/Entitlement Modeling, Certifications, Policy Violation Remediation, Identity Governance, Provisioning Broker, Risk Scoring
  • SailPoint Engineering Expertise: Application Onboarding (Delimited File, JDBC, REST, LDAP, AD, SAP HR), Custom Connectors, Rules (Before/After Provisioning, Correlation, Aggregation), Workflows, Email Templates, Identity Cubes, Access Reviews, Entitlement Aggregation
  • Provisioning & Automation: SCIM, REST APIs, SOAP, PowerShell, Core Java, SQL, Identity Lifecycle Automation, RBAC/ABAC, Password Management, MFA, SSO
  • Cloud & Federation: Azure AD, AWS IAM, GCP IAM, Okta Federation, OAuth 2.0, OIDC, SAML 2.0, ADFS, JWT, Certificate-based Authentication, Zero Trust Architecture
  • Governance, Security & Compliance: SOX, HIPAA, GDPR, NIST IAM Standards, Identity Security Controls, ISC2 Security Principles, Access Certification Campaigns, PAM/IGA Governance, Segregation of Duties (SoD), Audit & Compliance Reporting
  • Development & Programming: Core Java, Spring Boot, PowerShell, JavaScript, Python, SQL, REST API Integration, Microservices
  • Platforms & Infrastructure: Windows, Linux, Docker, Kubernetes, Jenkins, Git, ServiceNow, Terraform, Azure DevOps

Certification

  • SailPoint Identity Security Professional Credential (ISC / IDN / IIQ)
  • CISM – Certified Information Security Manager
  • CISA – Certified Information Systems Auditor
  • CRISC – Certified in Risk and Information Systems Control
  • AWS Certified Security – Specialty
  • CompTIA Security+
