For more than 170 years, The Hanover has been committed to delivering on our promises and being there when it matters the most. We live our values every day, demonstrating we CARE through our values, Sustainability initiatives and inclusive corporate culture. We are seeking a highly experienced and skilled Senior IAM Engineer who will be responsible for managing and enhancing Hanover’s identity and access management with a focus on Saviynt, in our Worcester, MA office or remote work arrangement This is a full-time, exempt role. POSITION OVERVIEW: This role supports the development and evolution of secure user life cycle management, Identity Access Governance, and integration of enterprise applications. You will focus on the technical design, engineering, and end‑to‑end implementation of Saviynt Identity Governance and Administration (IGA) solutions. The ideal candidate brings hands‑on technical expertise, strong hands-on experience delivering Saviynt capabilities, strong analytical skills, and experience collaborating with cross‑functional IT, engineering, and business teams. IN THIS ROLE, YOU WILL: - Saviynt technical lead, design & Engineering (Development and Operational support) - Lead the technical design, configuration, and implementation of Saviynt IGA solutions, including workflows, rules, connectors, analytics, roles, and policies. With a configuration first over customization approach. - Architect scalable, sustainable solutions supporting entitlements management, user life cycle management, RBAC, ABAC, access request and approval flows, certifications, and provisioning/de-provisioning. - Design and optimize Saviynt integrations with enterprise platforms such as Active Directory, Entra ID, HCM System, ServiceNow, Oracle EBS, PeopleSoft, and other connected/disconnected systems. - Develop and enhance custom connectors, REST/SOAP integrations, and provisioning logic as needed. - Configure policy and workflow in Saviynt for the intake and pre-processing of identity data, apply the appropriate workflow for the various use cases for incoming new identity or changes to identity, and configure the provisioning flows based on the connections and schedules required Implementation & Automation - Build custom workflows (within parameters that provide for ongoing vendor support), rules, request forms, task definitions, reporting, and risk models within Saviynt. - Automate repetitive IAM functions using appropriate, supportable, sustainable methods. - Create and maintain custom analytical reports, dashboards, and governance insights. - Work with Business Continuity teams to develop disaster recovery planning and testing cycles for IAM and IGA products and services. Identify resource dependencies and their criticality to the sustainability of the service for inclusion in DR planning and reconstitution exercises. Access Governance & Security Controls - Participate in access certification campaigns (user manager, entitlement owner, service accounts) and improve campaign efficiency through design enhancements. - Participate in Threat Model development/review with security team for all new IAM/IGA capabilities. - Collaborate with Enterprise Architecture, Security Architecture, and Engineering teams to drive implementation of SSO and federation standards (SAML, OAuth 2.0, OpenID Connect). - Implement and tune Saviynt policies, Segregation of Duties (SoD) rules, risk scores, and governance models to support least privilege and Zero Trust principles. Platform Operations & Optimization - Monitor and maintain the Saviynt environment for performance, reliability, capacity, and compliance. - Lead platform upgrades, migrations, and new feature rollouts. - Troubleshoot complex technical issues and provide Tier3 support for Saviynt related problems. Leadership, Collaboration & Strategy - Serve as a technical lead, guiding junior engineers and influencing architectural direction. - Engage with stakeholders, business owners, product teams, and security leadership to gather requirements and translate them into technical solutions. - Partner with audit, compliance, and SOX teams to provide evidence and ensure adherence to regulatory standards. - Collaborate with Architecture Team and Security Architecture on, solution designs, documentation, runbooks, SOPs, and operational playbooks. WHAT YOU NEED TO APPLY: - 8+ years of IAM engineering experience; 3+ years specializing in Saviynt. - Bachelor’s degree in Information Security or related field (or equivalent experience). - Must be eligible to work in the US without requiring sponsorship now or in the future (i.e Lawful Permanent Residence or US Citizen) - Expert hands on experience with Saviynt IGA, including configuring connectors, workflows, risk models, roles, rules, analytics, provisioning jobs, and certifications. - Familiarity with Microsoft Identity Manager (MIM), CyberArk, or other IAM/PAM tools. - Experience leading a technical team or serving as project technical lead. - User lifecycle management (ULM) - Entitlements Management and appropriate data correlation - Collaborate with cross-functional teams to assess correlated data for approach to formation of risk scoring - RBAC / ABAC design - SSO and federation (SAML, OAuth 2.0) - Privileged access governance - Proficiency PowerShell, Java, REST/SOAP APIs, Active Directory & LDAP - Cloud directories (Entra ID, AWS IAM, etc.), SQL, JSON, XML scripting fundamentals - Experience designing IAM architecture in large enterprise or regulated environments. - Strong understanding of IAM concepts including governance, provisioning, attestation, separation of duties, and compliance frameworks (SOX, NIST, ISO). - Strong analytical thinker with the ability to translate business needs into technical solutions. - Excellent communication and documentation skills. - Comfortable working across multiple teams and managing complex initiatives end-to-end. - Ability to mentor junior engineers and represent IAM engineering in technical discussions. - Ability to work independently as well as in a collaborative team environment. - Capability to manage multiple priorities and tasks simultaneously. - Easily adapt to new or different changing situations, requirements, or priorities. - Exhibit a personal drive to continually grow and enhance skills, knowledge, and scope of responsibilities. - Demonstrate solid verbal/written communication, listening, communication skills with and ability to communicate across all employee and management levels. - Use strong problem-solving skills to troubleshoot, debug, and optimize software applications. CAREER DEVELOPMENT: It’s not just a job, it’s a career, and we are here to support you every step of the way. We want you to be successful and fulfilled. Through on-the-job experiences, personalized coaching and our robust learning and development programs, we encourage you – at every level – to grow and develop. BENEFITS: We offer comprehensive benefits to help you be healthy, build financial security, and balance work and home life. At The Hanover, you’ll enjoy what you do and have the support you need to succeed. Benefits include: - Medical, dental, vision, life, and disability insurance - 401K with a company match - Tuition reimbursement - PTO - Company paid holidays - Flexible work arrangements - Cultural Awareness Day in support of IDE - On-site medical/wellness center (Worcester only) - Click here for the full list of Benefits EEO statement: The Hanover values diversity in the workplace and among our customers. The company provides equal opportunity for employment and promotion to all qualified employees and applicants on the basis of experience, training, education, and ability to do the available work without regard to race, religion, color, age, sex/gender, sexual orientation, national origin, gender identity, disability, marital status, veteran status, genetic information, ancestry or any other status protected by law. Furthermore, The Hanover Insurance Group is committed to providing an equal opportunity workplace that is free of discrimination and harassment based on national origin, race, color, religion, gender, ancestry, age, sexual orientation, gender identity, disability, marital status, veteran status, genetic information or any other status protected by law.” As an equal opportunity employer, Hanover does not discriminate against qualified individuals with disabilities. Individuals with disabilities who wish to request a reasonable accommodation to participate in the job application or interview process, or to perform essential job functions, should contact us at:HRServices@hanover.com and include the link of the job posting in which you are interested. Privacy Policy: To view our privacy policy and online privacy statement, click here. Applicants who are California residents: To see the types of information we may collect from applicants and employees and how we use it, please click here. Compensation: The target hiring range for this role may vary based on geographic location and other factors, including merit or performance, demonstrated proficiency, skills for the role, education, travel requirements, and experience. Additional compensation may include an annual bonus (which could take the form of a general bonus, sales incentive, or short-term incentive), long-term incentive or spot recognition awards. The posted range reflects our ability to hire at different position titles and levels depending on background and experience.