Manager, Identity & Access Management (IAM)

Welcome to Aventiv! Please watch this brief video to find out if this is the place you want to be!

Aventiv Technologies – Where your future awaits - YouTube

**Associate Referral Reward Eligible**

Job Purpose: The Manager of Identity and Access Management (IAM) is responsible for the strategic direction and operational integrity of the organization’s identity ecosystem. This role leads the effort to ensure secure, compliant, and seamless access to enterprise resources, balancing rigorous security standards with operational efficiency. The Manager will oversee the governance of digital identities, drive automation initiatives to enhance the user experience, and ensure that the identity architecture aligns with the organization's broader security posture and business objectives. 

Essential Duties:

• Lead, mentor, and develop a team of Identity & Access Management specialists, fostering a positive and productive work environment.
• Conduct regular performance evaluations, provide feedback, and implement professional development plans.
• Assign and prioritize tasks, ensuring efficient workflow and timely resolution of support requests.
• Serve as the primary owner of the Okta organization, managing Universal Directory, Lifecycle Management, and adaptive MFA policies.
• Oversee complex Entra ID (Azure AD) configurations, including Conditional Access policies, PIM (Privileged Identity Management), and Enterprise App registrations within the M365 tenant.
• Architect and maintain the federation between Okta and Entra ID to ensure unified identity synchronization and seamless user experiences.
• Manage the pipeline for integrating new SaaS applications into Okta via SAML/OIDC, ensuring consistent security standards.
• Manage the end-to-end identity lifecycle integration between UKG (HRIS) and Okta. Ensure accurate attribute mapping, logic handling for transfers/promotions, and immediate termination processing.
• Design and maintain automated provisioning/de-provisioning workflows (using Okta Workflows or PowerShell) to ensure zero-day readiness and reduce manual service desk tickets.
• Troubleshoot synchronization errors between UKG, Active Directory, and Okta to ensure downstream systems reflect accurate employee data.
• Execute periodic access certification campaigns within Okta/Entra ID to validate user entitlements and satisfy audit requirements.
• Enforce RBAC (Role-Based Access Control) models, specifically auditing Global Admin and other high-privilege roles within the M365 tenant.
• Manage relationships with IAM product vendors.
• Implement and maintain security controls related to the identity posture of the company.
• Track expenses and ensure cost-effectiveness.

Knowledge, Skills, and Abilities:

• Deep expertise in Okta Identity Cloud, specifically Universal Directory, Policy Frameworks, and Lifecycle Management.
• Advanced knowledge of Active Directory (multi-domain forests), Entra ID Connect (sync rules), and Entra ID (Azure AD) governance features.
• Strong ability to read and write JSON and interact with RESTful APIs, essential for building complex Okta Workflows and troubleshooting integrations.
• Expert understanding of authentication protocols (SAML 2.0, OIDC, OAuth 2.0, WS-Fed, Kerberos, LDAP) and the ability to troubleshoot handshakes using tools like Fiddler or browser developer tools.
• Knowledge of PowerShell for bulk administration and reporting (Microsoft Graph SDK); experience with Python is a plus.
• Detailed understanding of how HR data events (hire, rehire, leave of absence, termination) translate into technical identity attributes and access states.
• Familiarity with IAM-related security frameworks and standards, such as NIST SP 800-63 (Digital Identity Guidelines) and Zero Trust architecture principles.
• Superior analytical skills to deconstruct complex authentication failures that span across on-prem, cloud, and third-party systems.
• Experience working within ITIL frameworks, ensuring identity changes are documented, tested, and communicated effectively to minimize business disruption.
• Ability to manage multiple concurrent projects (e.g., app integrations, M&A migrations, upgrades) with competing deadlines.
• Ability to communicate complex IAM concepts to non-technical stakeholders (HR, Legal, Finance) and translate business requirements into technical solutions.
• Commitment to maintaining up-to-date documentation for system architecture, data flows, and operational runbooks for the Service Desk.

Minimum Qualifications:

• High school diploma or GED
• 5 years progressive experience in Identity & Access Management, including at least 1 year in a supervisory role and 2 years of experience managing Okta tenant in an enterprise environment.
• Experience managing vendor support relationships (opening/escalating tickets with Okta/Microsoft) and monitoring licensing usage/budget.
• Demonstrated experience managing HR-driving provisioning integrations (integrating an HRIS with an IdP).
• Proven leadership experience mentoring technical staff.

Preferred Qualifications:

• Bachelor’s degree in information technology, Computer Science, or related field.
• Industry Certifications such as: CISM, CCSP, CISSP, CISA
• Okta Certified Administrator
• Okta Certified Consultant
• Microsoft Certified Identity and Access Administrator Associate (SC-300) or Cybersecurity Architect Expert (SC-100)
• Direct experience integrating UKG Pro or UKG Dimensions with Okta
• Experience with Okta Advanced Server Access (ASA) or Entra ID Identity Governance features.

Physical Requirements:

• While performing the duties of this job, the employee is regularly required to: stand, sit, talk, hear, and use hands and fingers to operate a computer, telephone, and a variety of office equipment.
• Occasionally, this position may need to reach, stoop, or kneel.

Salary and Benefits:

At Aventiv, our salary and benefits are designed to fit you as a whole person. We offer a salary range based on experience and qualifications to ensure your unique contributions are met with our most competitive offer.

• $123,853.69 - $140,000.00 per year
• Eligible for $255 to purchase company equipment (keyboard, monitor, headset, etc.
• Health Insurance
• 401(k)
• Disability
• Life Insurance
• Paid Time Off
• Voluntary Benefits

Aventiv Privacy Policy:

www.aventiv.com/privacy

Equal Employment Policy:

Aventiv is proud to be an equal opportunity employer. All decisions regarding recruiting, hiring, promotion, assignment, training, termination and other terms and conditions of employment will be made without regard to race, color, national origin, biological sex, sexual orientation, gender identity, gender expression, gender presentation, religion, age, pregnancy, disability, work-related injury, veteran status, genetic information, marital status, or any other factor that the law protects from employment discrimination. We do not discriminate based on genetic information in accordance with the Genetic Information Nondiscrimination Act.