Identity and Access Management (IAM) Engineer (GOV) - Tempus

PNC

1d•$65,000 - $187,200•Remote

About The Position

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success. As an Identity and Access Management (IAM) Engineer within PNC's Tempus Technologies organization, you may be based in a remote location. Tempus Technologies, Inc. is the expert leader of secure payments at the point of interaction. For more than 25 years, innovation and producing high quality custom-ready solutions is at the forefront of everything we do. We’re committed to developing exceptional point-of-sale payment integration technology and software solutions to meet the growing needs of our customers’ business requirements. Our knowledgeable and friendly employees are passionately dedicated to delivering world-class support to every client. We thrive in a transparent culture that understands the value of shared ideas, teamwork, and excellence in everything we do. The Identity and Access Management (IAM) Engineer is responsible for the hands‑on engineering, integration, and operation of the organization’s SailPoint IdentityNow platform. This role acts as the technical SailPoint subject matter expert, owning platform configuration, application integrations, identity lifecycle automation, and development of custom workflows and logic. The IAM Engineer partners closely with Security Operations, Infrastructure, Cloud, Application Engineering, Compliance, and Audit teams to ensure access is governed, automated, auditable, and aligned with least‑privilege and regulatory requirements. The ideal candidate brings strong technical depth in SailPoint IdentityNow, a solid understanding of identity governance principles, and the ability to design scalable access solutions across SaaS, cloud, and hybrid environments.

Requirements

Strong hands‑on experience with SailPoint IdentityNow (SaaS) in an enterprise environment.
Experience integrating IAM solutions with SaaS applications, cloud platforms, and directory services.
Working knowledge of IAM concepts including identity lifecycle management, RBAC/ABAC, and least privilege.
Experience supporting access reviews, certifications, and audit evidence requests.
Familiarity with authentication, authorization, SSO, MFA, and directory services (AD, LDAP).
Strong troubleshooting, analytical, and problem‑solving skills.
Ability to work effectively with both technical and non‑technical stakeholders.
Bachelors (Required)
Roles at this level typically require a university / college degree, with 5+ years of industry-relevant experience.
Specific certifications are often required.
In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Nice To Haves

IAM Tools
Identity Access Management (IAM)
Identity Lifecycle Management
SailPoint IdentityIQ

Responsibilities

Implement, operate and support Access Management services, ensuring reliable and secure access provisioning and deprovisioning.
Execute workforce and non‑human identity lifecycle processes, including joiner, mover, and leaver (JML) events.
Troubleshoot and resolve IAM‑related incidents, provisioning failures, and data aggregation issues.
Ensure IAM services meet availability, performance, and operational support expectations.
Serve as the primary technical engineer and platform owner for SailPoint IdentityNow.
Configure and maintain identity profiles, access profiles, provisioning policies, and lifecycle states.
Implement and support access certifications, entitlement reviews, and remediation workflows.
Develop and maintain role models, access policies, and governance controls aligned to least privilege.
Support audit and compliance activities, including evidence collection and access review remediation.
Integrate SailPoint IdentityNow with SaaS applications, cloud platforms, and on prem or hybrid systems.
Design and implement account and entitlement aggregation for new and existing applications.
Partner with application owners to define access models, provisioning behavior, and governance requirements.
Support REST/API based integrations and custom application onboarding.
Develop SailPoint IdentityNow components including transforms, workflows, rules, and forms.
Automate access requests, approvals, and provisioning processes to reduce manual effort.
Enhance identity data quality and correlation logic across authoritative source systems.
Implement and maintain custom logic to support complex access use cases and edge conditions.
Monitor and maintain SailPoint job schedules, aggregations, and provisioning execution.
Analyze errors and trends to improve reliability and reduce operational toil.
Maintain technical documentation, integration standards, and operational runbooks.
Identify opportunities to improve scalability, automation, and governance maturity.
Provides subject matter expertise when applying security concepts.
Leverages technical knowledge and industry experience to design, build, and maintain technology solutions.
Responsible for deliverables related to project timelines.
Responsible for working with architecture to take high level architectural designs and determine the specifics around implementation details (ex: sizing) integration details, onboarding and operationalization.
Evaluates patches, updates, and ongoing maintenance.
Determines impacts to existing solutions when new standards are implemented.
Utilizes change control and other governance processes to ensure alignment of solutions .
Develops detailed implementation, configuration, design, and engineering documentation.
Build and implement solutions.
Works with operational partners to enable transition and day-to-day supportability.
Provides engineering support to existing technology in a production environment and collaborating with other groups as required.
Seeks opportunities to grow a broad knowledge base to complement specific subject matter expertise.

Benefits

medical/prescription drug coverage (with a Health Savings Account feature)
dental and vision options
employee and spouse/child life insurance
short and long‑term disability protection
401(k) with PNC match
pension and stock purchase plans
dependent care reimbursement account
back‑up child/elder care
adoption, surrogacy, and doula reimbursement
educational assistance, including select programs fully paid
a robust wellness program with financial incentives
maternity and/or parental leave
up to 11 paid holidays each year
9 occasional absence days each year, unless otherwise required by law
between 15 to 25 vacation days each year, depending on career level; and years of service.