If you’re currently implementing your workflow, one possible solution would be to use the new “ISC Remove All Access” feature.
With this feature, you can configure removal of access directly through lifecycle state configuration.
Once you activate Remove All Access, you can then specify sources in the “Disable Accounts” section (for example, your CyberArk source).
When a user transitions to that particular lifecycle state, all of their access will be removed, and their accounts will be deactivated automatically.
You can find the full announcement here: New Capability: Remove All Access on Termination - Announcements / Product News - SailPoint Developer Community