Manager - Identity & Access Management (IAM) Service Owner

Key Responsibilities

• Oversee the health, performance, and security of on‑premises AD environments. 
• Govern domain controllers, group policies, OU structure, and replication.
• Ensure AD configuration aligns with best practices, zero‑trust principles, and audit requirements.
• Manage privileged access within AD, including tiering models and admin roles.
• Govern identity lifecycle processes in Entra ID, including provisioning, deprovisioning, and role assignments.
• Manage conditional access policies, MFA, SSO integrations, and identity protection features.
• Oversee application registrations, enterprise apps, and federated identity configurations.
• Ensure secure hybrid identity operations (Entra Connect, cloud sync, password hash sync).
• Own joiner, mover, leaver (JML) processes and ensure timely, accurate access provisioning.
• Govern privileged access across AD, Entra ID, and critical systems.
• Work with Security to enforce least‑privilege, role‑based access control (RBAC), and zero‑trust principles.
• Ensure access reviews, recertifications, and segregation‑of‑duties controls are executed.
• Own the organisation’s certificate lifecycle management, including issuance, renewal, and revocation.
• Manage internal PKI infrastructure, certificate authorities, and related policies.
• Ensure certificates for servers, applications, devices, and users are maintained and compliant. 
• Prevent outages by proactively monitoring certificate expiry and automating renewal processes. 
• Ensure identity and access services comply with internal policies, regulatory standards, and audit requirements. 
• Maintain audit‑ready documentation for AD, Entra ID, and PKI.
• Support security teams with identity‑related investigations, vulnerability remediation, and risk management.
• Partner with application owners to integrate systems with AD/Entra ID for authentication and SSO.
• Track and report on identity service performance, access trends, and compliance metrics.
• Identify opportunities to automate provisioning, improve user experience, and reduce access‑related incidents.
• Drive continuous improvement initiatives across identity services, PKI, and authentication processes. Maintain accurate documentation for identity architecture, access workflows, and certificate processes.
• Ensure runbooks, SOPs, and support guides are up to date and accessible to operational teams. Provide training and guidance to Service Desk and support teams on identity and access processes.

Skills, Knowledge and Expertise

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or equivalent experience. 
• ITIL Foundation and relevant Microsoft identity/certificate training preferred. 

• 3–5+ years experience in end-to-end ownership of IAM, Directory Services, or Security Operations. 
• Strong hands‑on experience with Active Directory, Microsoft Entra ID, and certificate management/PKI. 
• Proven ability to manage identity lifecycle processes, privileged access, and audit requirements.