About the Role
Role Overview: Thoughtworks is seeking an experienced(Minimum 5+ years) IAM Specialist with strong expertise in Google Workspace and Okta to support our User Identity services. This role is responsible for the day-to-day management of identity and access across the Thoughtworks ecosystem, including user lifecycle management (Joiner–Mover–Leaver), access provisioning, SSO integrations, MFA policies, and Identity compliance. The ideal candidate has hands-on experience operating Google Workspace and Okta in a global enterprise environment and can ensure stability, security, and smooth execution of IAM business-as-usual (BAU) activities. This is a hands-on operational role focused on reliability, access governance, and maintaining a secure identity environment. Key Responsibilities 1. Google Workspace Administration (Must Have) Administer and optimize Google Workspace in a multi-OU enterprise environment Manage user lifecycle (Joiner–Mover–Leaver) automation and provisioning workflows Configure and maintain: Admin roles & delegated access Groups, Shared Drives, and Drive governance Context-aware access and security settings Gmail routing and domain configurations Support investigations using audit logs and reporting tools Work with GAM (Google Apps Manager) for bulk operations and automation 2. Okta Identity Management (Must Have) Administer and optimize Okta for enterprise SSO and identity lifecycle Manage SAML, OIDC, and SCIM integrations Configure and maintain: App provisioning and deprovisioning MFA policies and sign-on policies Lifecycle workflows Group-based access controls Support secure rollout initiatives (e.g., phishing-resistant MFA, device-bound authentication) Troubleshoot federation and authentication issues across integrated systems 3. Identity Lifecycle & Access Governance Drive JML process automation between HR systems, Okta, and Google Workspace Ensure timely provisioning/deprovisioning and least-privilege enforcement Handle IAM tickets and complex access issues Partner with Infosec for compliance audits and access reviews Maintain clean entitlement models and reduce over-provisioning Tech Stack Requirements Must Have 5+ years of hands-on IAM experience Deep administration experience in: Google Workspace Okta Strong knowledge of: SAML 2.0 OAuth / OIDC SCIM provisioning MFA & access policies Experience managing identity in a global enterprise environment (5k+ users preferred) Nice to Have Experience with FastPass / passwordless authentication Exposure to device trust / device context policies Experience in IAM automation at scale Knowledge of access governance best practices Skills & Competencies Strong troubleshooting mindset across identity flows Ability to collaborate across Security, Data, and Infrastructure teams Strong documentation and process design skills Comfortable operating in a high-scale, multi-region enterprise Ability to challenge insecure practices and drive improvement