Job Overview

Title:

Senior Domain Lead-AD/IDAM & Email Lead/Architect

Description:

Hi,

We have an opening for a Senior Domain Lead-AD/IDAM & Email Lead/Architect at our Mumbai location.

Job summary: We are seeking an accomplished and strategic senior domain lead to oversee enterprise email and collaboration systems, Active Directory (AD), identity & access management (IDAM), and their security and cloud integrations. The role focuses on end-to-end management and security governance across hybrid environments, ensuring scalable, secure, and compliant digital identity and collaboration infrastructure.



Areas of responsibility:

Key responsibilities:

1. Infrastructure & operations management

  • Manage daily operations for Microsoft 365 (Exchange Online, Teams, SharePoint), Active Directory (on-prem and Azure AD), and domain services.
  • Ensure stability and performance of hybrid AD and collaboration systems through proactive monitoring and incident management.
  • Maintain internal and public DNS, DHCP, certificates, and domain name configurations.

2. Identity & access management (IDAM)

  • Own the implementation and operation of IDAM platforms supporting user lifecycle management, access provisioning, and deprovisioning.
  • Design and manage SSO, MFA, conditional access, and privileged access controls (PAM) using tools like Azure AD, SailPoint, or Saviynt.
  • Ensure proper RBAC models, access certifications, and policy enforcement across systems.

3. Email & AD security

  • Strengthen security posture of email systems by configuring and maintaining anti-phishing, DLP, spam filtering, and encryption tools (e.g., Microsoft Defender for Office 365, Mimecast, Proofpoint).
  • Implement and maintain DMARC, DKIM, SPF, and secure mail flow policies.
  • Lead AD security hardening, including tiered administration, Kerberos policies, ACL reviews, and delegation best practices.
  • Enforce least privilege, admin account separation, and monitoring of high-privilege actions (via SIEM or native auditing tools).


  • Partner with SOC and security teams to respond to identity and email-related threats or incidents.

4. Cloud integration & identity governance

  • Administer and secure cloud identity solutions across Azure, Microsoft 365, and third-party SaaS platforms.
  • Align hybrid AD and Azure AD with cloud security frameworks and zero trust principles.
  • Manage B2B/B2C identities, OAuth/SAML integrations, and conditional access policies for external partners.

5. Projects & transformation

  • Lead initiatives such as:
    • email platform migration or consolidation (e.g., from on-prem to M365),
    • deployment of IDAM platforms,
    • secure collaboration tool rollouts,
    • cloud-first identity transformations.
  • Define project scope, success metrics, resource plans, and stakeholder engagement strategy.

6. Compliance, governance & risk management

  • Define and maintain governance frameworks for collaboration, identity, and directory services.
  • Ensure alignment with compliance standards (e.g., GDPR, ISO 27001, HIPAA, SOX).
  • Conduct periodic access reviews, admin audits, and mailbox permissions checks.
  • Own documentation, runbooks, and policy lifecycle management.

7. Vendor & license management

  • Manage third-party service providers and tools across email security, cloud identity, and collaboration suites.
  • Oversee licensing, renewals, and performance reviews.
  • Evaluate and onboard new solutions as per evolving enterprise needs.

8. Leadership & people management

  • Lead a team of email, AD, cloud, and IDAM specialists.
  • Assign responsibilities, set goals, and promote cross-skilling and upskilling.
  • Ensure availability through structured support models, escalation procedures, and documentation.

Educational qualification: Degree or appropriate professional qualification

Specific certification:

Certification & trainings on following technology domains:

  • Microsoft Certified: Enterprise Administrator Expert
  • Microsoft Certified: Identity and Access Administrator Associate
  • Azure Administrator / Security Engineer Associate
  • Certified Information Systems Security Professional (CISSP), optional but a plus
  • ITIL Foundation / Intermediate
  • Project management certification (PMP / PRINCE2)

Experience: 12-15 years of experience

Skill (functional & behavioural):

Technical skills:

  • Microsoft 365 administration: Exchange, Teams, SharePoint, Defender for O365
  • Hybrid AD and Azure AD, including AD Connect, GPOs, DNS, DHCP
  • PowerShell scripting for automation and reporting
  • Identity tools: SailPoint, Okta, Saviynt, Azure AD Premium
  • Email security protocols: SPF, DKIM, DMARC
  • Email filtering & security: Defender, Mimecast, Proofpoint
  • AD security best practices and hardening (LAPS, tiering, auditing)
  • Cloud identity and app integration (OAuth, SAML)

Soft skills:

  • Strong leadership, communication, and cross-functional collaboration
  • High attention to detail, especially around security and compliance
  • Problem-solving under pressure and with complex systems
  • Strategic thinking with a proactive mindset toward continuous improvement
  • Pharma industry experience is an advantage.

Salary:

$912464-$1332172 Annual

Company:

SUN PHARMA

Location:

Mumbai, Maharashtra, India