Identity Governance / Lifecycle Management (LCM) Architect

Company DescriptionVeza is the pioneer in identity security, purpose-built to answer the fundamental question enterprises face: who can and should take what action on what data. Veza's Access Graph platform maps an organization's entire identity ecosystem across users, groups, roles, policies, permissions, and resources providing deep visibility and control over human, non-human, and agentic identities across SaaS, cloud, on-prem, and custom applications. With over 30 billion access permissions under management, global enterprises including Blackstone, Expedia, and Wynn Resorts trust Veza to manage privileged access monitoring, non-human identity security, access entitlement management, and next-generation identity governance. Founded in 2020 and headquartered in Redwood City, California, Veza is now part of the ServiceNow family, with the acquisition closing in March 2026. The combination brings together Veza's AI-native Access Graph with ServiceNow's AI Control Tower and agentic workflows, enabling organizations to enforce end-to-end identity security rooted in the principle of least privilege across applications, data, cloud environments, and AI agents. For engineers joining Veza today, this means the scale and resources of an enterprise platform company, with the product velocity and mission-driven focus of a security innovator at a pivotal moment in the industry.

Job DescriptionWhat you get to do in this role: A Veza Identity Governance / Lifecycle Management (LCM) Architect designs and deploys access controls, authorization policies, and automated workflows on the Veza platform. Candidates require 5 to 10+ years of IAM experience, proficiency with cloud/SaaS access management, and strong customer-facing consulting or engineering skills. QualificationsTo be successful in this role you have:

Core Qualifications & Experience 

Experience:

 5+ years of hand on professional experience in IAM (Identity and Access Management) architecture, security consulting, or customer success. [ 

Education:

 Bachelor's Degree in CS, Cybersecurity, or equivalent practical experience.

Platform Knowledge:

 Fluency in IGA (Identity Governance & Administration) platforms, authorization graphs, and access discovery.

Cloud & SaaS:

 Hands-on experience integrating identity platforms across cloud service providers (AWS, Azure, GCP) and enterprise SaaS (Microsoft 365, Salesforce, ServiceNow, GitHub). Technical Competencies 

Lifecycle Management:

 Deep understanding of Joiner/Mover/Leaver (JML) processes and automated provisioning workflows. 

Authorization Models:

 Mastery of RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), and the Principle of Least Privilege. 

Non-Human Identities:

 Ability to govern and track machine identities, service accounts, and API keys. 

Scripting/APIs:

 Practical knowledge of building API-driven integrations using Python, REST APIs, or SQL. Soft Skills & Business Capabilities 

Executive Communication:

 Ability to translate complex access policies into actionable technical controls and advise CISOs/Security Leaders.

Project Leadership:

 Track record of gathering requirements, conducting stakeholder workshops, and leading deployments from kickoff to production.

Core Values:

 Veza typically looks for customer-centric problem solvers with an ownership mindset and can lead projects independently. FD21For positions in this location, we offer a base pay of $123,900 - $216,800, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.

Additional InformationWork PersonasWe approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity EmployerServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. AccommodationsWe strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. Export Control RegulationsFor positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.