Cloud Identity and Access Management (IAM) Engineer - Associate

iCapital is powering the world’s alternative investment marketplace. Our financial technology platform has transformed how advisors, wealth management firms, asset managers, and banks evaluate and recommend bespoke public and private market strategies for their high-net-worth clients. iCapital services approximately $210 billion in global client assets invested in 1,690 funds, as of November 2024.
iCapital has been named to the Forbes Fintech 50 for six consecutive years (2018 – 2024); a three-time selection by Forbes to its list of Best Startup Employers (2021-2023); and a three-time winner of MMI/Barron’s Solutions Provider award (See link below).

About the Role

The Cloud IAM Engineer role sits within the Corporate Technology department whose mission is to empower individuals across the firm with reliable and innovative technology.

The Cloud IAM Engineer role is a technical position which will support IAM functions within iCapital. These will focus primarily on our governance tools Saviynt and Okta along with Microsoft Entra ID. This role is responsible for managing and maintaining our identity governance platforms, creating and granting access to new users and non-human accounts, creating and maintaining birthright entitlements for departments and roles, leading recertification initiatives, deploying single sign-on applications, troubleshooting access and permission related requests, and maintaining an efficient user lifecycle management program. In addition to these responsibilities, this role also requires IAM-related governance of our cloud environments and third-party applications which includes reviewing stale access, reducing over-privileged access etc.

This is a highly technical and visible role which will have a large impact across a fast growing firm. Due to the nature of this role interfacing with department leaders, candidates must have a professional, calm attitude and the willingness to help others. Opportunity to drive IAM governance across our firm and provide input for best practices or ways to streamline various governance controls and policy will provide the right candidate with a highly rewarding path to deepening their technical and communication skills. This role is supported by both the Corporate Technology and the Corporate Applications and Security departments.

Responsibilities:

• Drive our IAM governance program as a highly technical individual by managing and maintaining our primary software, Saviynt and Okta.
• Implement and suggest best practices and more efficient workflows within our current environment. Identify gaps and recommend solutions to enhance internal processes.
• Collaborate across our firm with department leads, management, senior technical engineers, and Information Security to ensure a secure and reliable IAM environment.
• Create and maintain automation pipelines within Saviynt and Okta via built-in tools and Terraform.
• Ensure a reliable user lifecycle management program where you will oversee user provisioning, deprovisioning, and access changes, ensuring accuracy and timeliness.
• Manage employee and service account access within Microsoft Entra ID and across other Corporate Technology owned third-party applications.
• Have a broad understanding of Information Technology, especially in relation to onboarding and offboarding processes.
• Troubleshoot various software issues within our IAM software, Saviynt and Okta.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Information Security or equivalent work experience within the Information Technology field.
• Minimum four years of experience within Identity and Access Management related positions.
• 2-4 years of experience with Identity management and governance tools like Sailpoint, Saviynt, Ping, Okta, and Microsoft Entra ID.
• Experience with managing and maintaining birthright entitlements and privileged identity management (PIM).
• Experience with SAML and Oauth single sign-on applications within Okta, as well as auto-provisioning and SCIM.
• Familiarity with directory services and identity federation.
• Experience with Terraform and IaC concepts.
• Hands on experience with maintaining role-based access for provisioning and entitlements.
• Strong understanding of IAM and cloud governance practices and concepts.
• Ability to deliver clear and concisely written documentation for internal use across the firm. Ability to speak confidently on topics related to the role's responsibilities.
• Experience with working in a regulated and secure environment where due diligence is required.

Preferred Qualifications:

• Certifications related to cloud platforms or Identity and Access Management.
• Experience with cloud-native security tools and platforms

Personal Attributes:

• Professional and calm attitude with a willingness to learn and develop towards a senior Cloud IAM Engineer.
• Ability to work independently when needed as well as work alongside department leaders, senior technical employees, and management level employees.
• Excellent communication skills both written and oral with technical and non-technical audiences.
• Strong critical thinking and a detail orientated skillset.

Employees in this role will work fully remote. Every department has different needs, and some positions will be designated in-office jobs, based on their function.

Benefits

iCapital offers a comprehensive benefits package that includes a total compensation program consisting of competitive salary, annual performance bonus, and equity for all full-time employees; healthcare with 100% employer-paid health and dental insurance; and generous paid time off (PTO).

For additional information on iCapital  please visit https://www.icapital.com/about-us  Twitter: @icapitalnetwork | LinkedIn: https://www.linkedin.com/company/icapital-network-inc