Job Summary:
We are seeking a highly skilled Cloud IAM & Identity Specialist with expertise in Google Cloud IAM and Microsoft Entra ID (formerly Azure AD). This role will focus on securing identity and access management across hybrid and multi-cloud environments. You will be responsible for designing, implementing, and maintaining robust IAM frameworks, ensuring secure authentication and access control policies, and automating identity lifecycle processes.

Key Responsibilities:

• Design, implement, and manage IAM policies in Google Cloud Platform (GCP) and Microsoft Entra ID.​

• Configure roles, permissions, and policy hierarchies to enforce the principle of least privilege.

• Manage service accounts, role bindings, Resource Group (RG)and IAM conditions across GCP.

• Develop and manage Conditional Access Policies, RBAC, and identity governance in Entra ID. password less authentication, and SSO (SAML/OAuth2/OIDC).

• Integrate and manage hybrid identities via Azure AD Connect and directory synchronization tools.

• Perform access reviews, entitlement management, and support joiner-mover-leaver workflows.

• Monitor identity systems using audit and sign-in logs, and respond to identity security events.

• Automate IAM tasks using Terraform (GCP), PowerShell, Azure CLI, and Microsoft Graph API.

• Collaborate with Security and Compliance teams to support identity governance initiatives.

Required Skills and Qualifications:

• Bachelor’s Degree with overall 10+ year of experience in IT

Google Cloud IAM:

• Strong knowledge of IAM policy structure and resource hierarchy in GCP.

• Experience with service account security, workload identity federation, and role management.

• Proficiency in using gcloud CLI and Terraform to manage IAM configurations.

• Familiarity with Cloud Audit Logs and IAM policy simulator.

Microsoft Entra ID (Azure AD):

• Proficient in managing users, groups, roles, and Conditional Access in Entra ID.

• Experience with Entra Identity Governance tools: Access Reviews, Entitlement Management.

• Strong understanding of federation protocols: SAML, OAuth2, OpenID Connect.

• Integration with on-prem Active Directory using Azure AD Connect and/or AD FS.

General Identity & Security Knowledge:

• Strong understanding of Zero Trust principles and IAM security best practices.

• Hands-on experience automating identity tasks with scripting and APIs.

• Familiar with compliance and governance standards (e.g., ISO 27001, NIST, GDPR).

AI Operations Vision:

• Strong understanding of Artificial intelligence for operations excellence

• Hands-on experience in analysing tasks with AI tools like Co-pilot etc.

• Vision to use AI tools in operational daily use.

Preferred Qualifications:

• Experience in cross-cloud IAM integration or multi-tenant identity architecture.

• Knowledge of Identity Lifecycle Management and JML (Joiner-Mover-Leaver) processes.

Certifications:

• Google Professional Cloud Security Engineer

• Microsoft Certified: Identity and Access Administrator Associate (SC-300)

Inclusion at GSK:

• As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.

• Please contact our Recruitment Team at IN.recruitment-adjustments@gsk.com to discuss your needs.

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.