About The Position

The Manager of Identity and Access Management (IAM) is responsible for the strategic direction and operational integrity of the organization’s identity ecosystem. This role leads the effort to ensure secure, compliant, and seamless access to enterprise resources, balancing rigorous security standards with operational efficiency. The Manager will oversee the governance of digital identities, drive automation initiatives to enhance the user experience, and ensure that the identity architecture aligns with the organization's broader security posture and business objectives.

Requirements

  • Deep expertise in Okta Identity Cloud, specifically Universal Directory, Policy Frameworks, and Lifecycle Management.
  • Advanced knowledge of Active Directory (multi-domain forests), Entra ID Connect (sync rules), and Entra ID (Azure AD) governance features.
  • Strong ability to read and write JSON and interact with RESTful APIs, essential for building complex Okta Workflows and troubleshooting integrations.
  • Expert understanding of authentication protocols (SAML 2.0, OIDC, OAuth 2.0, WS-Fed, Kerberos, LDAP) and the ability to troubleshoot handshakes using tools like Fiddler or browser developer tools.
  • Knowledge of PowerShell for bulk administration and reporting (Microsoft Graph SDK); experience with Python is a plus.
  • Detailed understanding of how HR data events (hire, rehire, leave of absence, termination) translate into technical identity attributes and access states.
  • Familiarity with IAM-related security frameworks and standards, such as NIST SP 800-63 (Digital Identity Guidelines) and Zero Trust architecture principles.
  • Superior analytical skills to deconstruct complex authentication failures that span on-prem, cloud, and third-party systems.
  • Experience working within ITIL frameworks, ensuring identity changes are documented, tested, and communicated effectively to minimize business disruption.
  • Ability to manage multiple concurrent projects (e.g., app integrations, M&A migrations, upgrades) with competing deadlines.
  • Ability to communicate complex IAM concepts to non-technical stakeholders (HR, Legal, Finance) and translate business requirements into technical solutions.
  • Commitment to maintaining up-to-date documentation for system architecture, data flows, and operational runbooks for the Service Desk.
  • High school diploma or GED
  • 5 years of progressive experience in Identity & Access Management, including at least 1 year in a supervisory role and 2 years of experience managing an Okta tenant in an enterprise environment.
  • Experience managing vendor support relationships (opening/escalating tickets with Okta/Microsoft) and monitoring licensing usage/budget.
  • Demonstrated experience managing HR-driven provisioning integrations (integrating an HRIS with an IdP).
  • Proven leadership experience mentoring technical staff.

Nice To Haves

  • Bachelor’s degree in Information Technology, Computer Science, or a related field.
  • Industry certifications such as CISM, CCSP, CISSP, CISA
  • Okta Certified Administrator
  • Okta Certified Consultant
  • Microsoft Certified Identity and Access Administrator Associate (SC-300) or Cybersecurity Architect Expert (SC-100)
  • Direct experience integrating UKG Pro or UKG Dimensions with Okta
  • Experience with Okta Advanced Server Access (ASA) or Entra ID Identity Governance features.

Responsibilities

  • Lead, mentor, and develop a team of Identity & Access Management specialists, fostering a positive and productive work environment.
  • Conduct regular performance evaluations, provide feedback, and implement professional development plans.
  • Assign and prioritize tasks, ensuring efficient workflow and timely resolution of support requests.
  • Serve as the primary owner of the Okta organization, managing Universal Directory, Lifecycle Management, and adaptive MFA policies.
  • Oversee complex Entra ID (Azure AD) configurations, including Conditional Access policies, PIM (Privileged Identity Management), and Enterprise App registrations within the M365 tenant.
  • Architect and maintain the federation between Okta and Entra ID to ensure unified identity synchronization and seamless user experiences.
  • Manage the pipeline for integrating new SaaS applications into Okta via SAML/OIDC, ensuring consistent security standards.
  • Manage the end-to-end identity lifecycle integration between UKG (HRIS) and Okta. Ensure accurate attribute mapping, logic handling for transfers/promotions, and immediate termination processing.
  • Design and maintain automated provisioning/de-provisioning workflows (using Okta Workflows or PowerShell) to ensure zero-day readiness and reduce manual service desk tickets.
  • Troubleshoot synchronization errors between UKG, Active Directory, and Okta to ensure downstream systems reflect accurate employee data.
  • Execute periodic access certification campaigns within Okta/Entra ID to validate user entitlements and satisfy audit requirements.
  • Enforce RBAC (Role-Based Access Control) models, specifically auditing Global Admin and other high-privilege roles within the M365 tenant.
  • Manage relationships with IAM product vendors.
  • Implement and maintain security controls related to the identity posture of the company.
  • Track expenses and ensure cost-effectiveness.

Benefits

  • Eligible for $255 to purchase company equipment (keyboard, monitor, headset, etc.)
  • Health Insurance
  • 401(k)
  • Disability
  • Life Insurance
  • Paid Time Off
  • Voluntary Benefits