Job Title:

AD/IDAM & Email Lead/Architect

Job Grade

G9A

 

Function:

Information Technology

Location:

Mumbai

 

 

 

 

 

Key Responsibilities

 

At Sun Pharma, we commit to helping you “Create your own sunshine”— by fostering an environment where you grow at every step, take charge of your journey and thrive in a supportive community.

Are You Ready to Create Your Own Sunshine?

As you enter the Sun Pharma world, you’ll find yourself becoming ‘Better every day’ through continuous progress. Exhibit self-drive as you ‘Take charge’ and lead with confidence. Additionally, demonstrate a collaborative spirit, knowing that we ‘Thrive together’ and support each other’s journeys.”

 

Position Summary:

We are seeking an accomplished and strategic Senior Domain Lead to oversee enterprise email and collaboration systems, Active Directory (AD), Identity & Access Management (IDAM), and their security and cloud integrations. The role focuses on end-to-end management and security governance across hybrid environments, ensuring scalable, secure, and compliant digital identity and collaboration infrastructure.

Key Responsibilities:

1. Infrastructure & Operations Management

Manage daily operations for Microsoft 365 (Exchange Online, Teams, SharePoint), Active Directory (on-prem and Azure AD), and domain services. Ensure stability and performance of hybrid AD and collaboration systems through proactive monitoring and incident management. Maintain internal and public DNS, DHCP, certificates, and domain name configurations.

2. Identity & Access Management (IDAM)

Own the implementation and operation of IDAM platforms supporting user lifecycle management, access provisioning, and deprovisioning. Design and manage SSO, MFA, conditional access, and privileged access controls (PAM) using tools like Azure AD, SailPoint, or Saviynt. Ensure proper RBAC models, access certifications, and policy enforcement across systems.

3. Email & AD Security

Strengthen security posture of email systems by configuring and maintaining anti-phishing, DLP, spam filtering, and encryption tools (e.g., Microsoft Defender for Office 365, Mimecast, Proofpoint). Implement and maintain DMARC, DKIM, SPF, and secure mail flow policies. Lead AD security hardening, including Tiered Administration, Kerberos policies, ACL reviews, and delegation best practices. Enforce least privilege, admin account separation, and monitoring of high-privilege actions (via SIEM or native auditing tools). Partner with SOC and Security teams to respond to identity and email-related threats or incidents.

4. Cloud Integration & Identity Governance

Administer and secure cloud identity solutions across Azure, Microsoft 365, and third-party SaaS platforms. Align hybrid AD and Azure AD with cloud security frameworks and Zero Trust principles. Manage B2B/B2C identities, OAuth/SAML integrations, and conditional access policies for external partners.

5. Projects & Transformation

Lead initiatives such as:

Email platform migration or consolidation (e.g., from on-prem to M365), Deployment of IDAM platforms, Secure collaboration tool rollouts, Cloud-first identity transformations. Define project scope, success metrics, resource plans, and stakeholder engagement strategy.

6. Compliance, Governance & Risk Management

Define and maintain governance frameworks for collaboration, identity, and directory services. Ensure alignment with compliance standards (e.g., GDPR, ISO 27001, HIPAA, SOX). Conduct periodic access reviews, admin audits, and mailbox permissions checks. Own documentation, runbooks, and policy lifecycle management.

7. Vendor & License Management

Manage third-party service providers and tools across email security, cloud identity, and collaboration suites. Oversee licensing, renewals, and performance reviews. Evaluate and onboard new solutions as per evolving enterprise needs.

8. Leadership & People Management

Lead a team of email, AD, cloud, and IDAM specialists. Assign responsibilities, set goals, and promote cross-skilling and upskilling. Ensure availability through structured support models, escalation procedures, and documentation.

 

 

 

 

Job Scope

Internal Interactions (within the organization)

IT functional team across globe.

External Interactions (outside the organization)

Vendors and OEM’s

Geographical Scope

Global

           

 

Job Requirements

Educational Qualification

Degree or appropriate professional qualification

Specific Certification

Certification & Trainings on following technology domains:

Microsoft Certified: Enterprise Administrator Expert Microsoft Certified: Identity and Access Administrator Associate Azure Administrator / Security Engineer Associate Certified Information Systems Security Professional (CISSP) – optional but a plus ITIL Foundation / Intermediate Project Management Certification (PMP / Prince2)

 

Experience

12-15 Years of experience

Skill (Functional & Behavioural):

Technical Skills:

Microsoft 365 administration: Exchange, Teams, SharePoint, Defender for O365 Hybrid AD and Azure AD, including AD Connect, GPOs, DNS, DHCP PowerShell scripting for automation and reporting Identity tools: SailPoint, Okta, Saviynt, Azure AD Premium Email security protocols: SPF, DKIM, DMARC Email filtering & security: Defender, Mimecast, Proofpoint AD security best practices and hardening (LAPS, tiering, auditing) Cloud identity and app integration (OAuth, SAML)

Soft Skills:

Strong leadership, communication, and cross-functional collaboration High attention to detail, especially around security and compliance Problem-solving under pressure and with complex systems Strategic thinking with a proactive mindset toward continuous improvement Pharma industry experience is an advantage.

Your Success Matters to Us

 

At Sun Pharma, your success and well-being are our top priorities! We provide robust benefits and opportunities to foster personal and professional growth. Join us at Sun Pharma, where every day is an opportunity to grow, collaborate, and make a lasting impact. Let’s create a brighter future together!

 

 

Disclaimer: The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification.  It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees as assigned to this job.  Nothing herein shall preclude the employer from changing these duties from time to time and assigning comparable duties or other duties commensurate with the experience and background of the incumbent(s).