# Sangram Choudhuri

> Identity and Access Management (IAM) Architect/IAM Principal Software Engineer

Location: San Francisco Bay Area, United States

Profile: https://flows.cv/sangram

Identity and Access Management (IAM) Architect with 20 years of comprehensive experience in design, architecture, development and administration of Identity and Access Management (IAM) systems. Responsible for managing and leading an onshore and offshore IAM team of 30+ team members with focus on delivering quality and satisfaction for large scale Identity solutions.

Specialties: Identity and Access Management (IAM), Information Security, Azure IAM, Sailpoint IdentityIQ, Multifactor Authentication, Thycotic Secret Server, Privileged Access Management (PAM), IDaaS, Web Services, SCIM, RESTful WebServices, LDAP, Active Directory, Project Management, Cloud Identity Management and Governance, RBAC, Conditional Access, Risk Based Access, Cloud Security, Oracle Cloud Identity Management

## Work Experience

### Principal Software Engineer, IAM @ Gap Inc.
Jan 2016 – Present | Pleasanton, CA

- Shape and execute forward-thinking enterprise IAM vision and strategy, aligning with broader cybersecurity, business objectives and positive end-user experience.
- Lead the deployment and lifecycle management of IAM platforms and services, including SSO, MFA, PAM, IGA, and directory services.
- Mentor and lead a team of IAM engineers and analysts, while managing vendor relationships and contract negotiations.
- Lead and create project initiatives and strategy for On Premise and multiple Cloud IAM (Azure, Google Cloud and Oracle Cloud)
- Establish and enforce IAM governance, including access reviews, RBAC, policy frameworks, and regulatory compliance (SOX and PCI)
- Secure and harden the environment using features such as zero trust, risk based authentication, conditional access, MFA and identity protection.
- Collaborate closely with project teams to identify key IAM technical requirements, prioritize requirements, catalog requirements, and assign them to project use cases and sprints.
- Perform Azure Identity Governance using RBAC, PIM, Access Package, Certifications, Conditional Access and Identity Protection
- Secrets Management using Azure Key Vault, Hashicorp Vault and Thycotic Secret Server
- Provide IAM solutions to meet least privileged access, Just in Time access and time bound access
- Regularly report to the CISO, CTO, and other senior leadership on the status of IAM initiatives, including progress on key projects, risks, and opportunities.
- Develop and present executive-level reports, dashboards, and metrics that demonstrate the effectiveness and value of IAM strategies and investments.
- Drive the automation of IAM processes to reduce manual effort and empower end-users with self-service capabilities.
- Oversee IAM risk assessments, audits, and incident response, ensuring alignment with internal controls and external standards.

### Technical Architect, Identity and Access Management @ NBCUniversal, Inc.
Jan 2010 – Jan 2016 | Universal City, Los Angeles, CA-91604

- Serve as primary interface with business users and stakeholders for understanding the business processes, workflows and requirements gathering for Identity and Access Management
- Analyze requirements and architect solutions, workflow processes and prepare technical design document
- Assist in preparing road map for Identity and Access Management
- Manage project plan and assign tasks to team
- Manage support and development team at onsite and offshore
- Monitor the implementation of the project
- Develop code using programming languages such as Java, J2EE, XML, HTML and XPRESS and tools such as Sailpoint IdentityIQ, Sun Identity Manager (Oracle Waveset), CA IdentityMinder, LDAP and Microsoft Active Directory
- Design and develop REST Web Services (IDaaS) for Identity Management functions using SCIM
- Design and develop Identity Warehouse (IDW) using Java.
- Provide solutions and processes to reduce security gaps in Identity management processes
- Perform code review, design and test plan of team members
- Develop custom connectors to provision into cloud applications like Dropbox and AirWatch
- Integrate SPML, SOAP based applications, SAP, AS400, RACF, Oracle Database, Exchange into IdM for provisioning and deprovisioning
- Facilitate user acceptance testing with different application owners and obtain sign off
- Provide and execute innovation ideas to reduce effort and cost
- Responsible for Identity Management products assessment and selection
- Design and develop self-service Password Sync and reverse password sync between IDM, AD and SSO
- Migrate processes from Oracle Waveset to new IDM Systems

### Technical Architect @ IGATE
Jan 2010 – Jan 2016

### Project Lead @ IGATE
Jan 2010 – Jan 2010

Client: GE Plastics

Tools/Programming Language: Sun Identity Manager, Active Directory, Java, Oracle, JSP, LDAP

Responsibilities:

- Monitor and manage tickets queue raised by end users
- Work on tickets within the end time mentioned in the ticket
- Perform daily production tasks and handle server outages
- Provide support to end users and application team owners
- Discuss requirements with different application owners for integrating new applications into IdM
- Requirements analysis and design and coordinate with offshore
- Prepare broad level design for Identity management system
- Design system architecture
- Perform code review of the code provided by offshore team
- Perform system and integration testing
- Deploy bug fix and enhancement to Production

### System Analyst @ IGATE
Jan 2008 – Jan 2009 | Englewood Cliffs, New Jersey

Client: NBCUniversal

Tools/Programming Language: Sun Identity Manager, Active Directory, Java, Oracle, JSP, MS-SQL Server, JBOSS

Responsibilities:

- Perform requirements analysis from the details provided by the application team
- Design and develop a common provisioning process framework.
- Prepare high level design document, test plans and architecture for application integration into Identity Manager
- Explain requirements to the offshore team and review the deliverable sent by the offshore team
- Perform Identity Manager upgrade by coordinating with different teams
- Perform user acceptance testing for the provisioning workflow with end users and application team owners and get their feedback
- Implement the feedback and comments into the provisioning process framework and get sign off from end users and application team owners

### System Analyst @ IGATE
Jan 2007 – Jan 2008 | Cincinnati Area, Ohio

Client: GE Aviation

Tools/Programming Language: Sun Identity Manager, Active Directory, Java, Oracle, JSP

Responsibilities:

- Analyze requirements document and prepare design and test plan
- Train new team members in Sun Identity Manager
- Perform Code Review, Testing and Deployment
- Provide end user support
- Develop connectors and integrate applications into Identity Manager for provisioning and deprovisioning
- Perform Unit testing
- Troubleshoot production failures

### Software Engineer @ IGATE
Jan 2005 – Jan 2007

Client: GE Aviation

Tools/Programming Language: Sun Identity Manager, Active Directory, Java, Oracle

Responsibilities:

- Analyze requirements document and prepare design and test plan
- Build IdM Workflows, forms, rules and Configuration objects using Sun Identity Manager
- Develop Custom Adapters in Java, J2EE, XPRESS, HTML and XML
- Perform Unit testing
- Analyze and document root cause for production failures

## Education

### Bachelor of Engineering (B.E.) in Computer Engineering
Berhampur University

## Contact & Social

- LinkedIn: https://linkedin.com/in/sangram-choudhuri-905b2892

---

Source: https://flows.cv/sangram

JSON Resume: https://flows.cv/sangram/resume.json

Last updated: 2026-04-12