Lead IAM Engineer

Role Summary: Lead Platform Engineer working in the IAM team is responsible for enterprise-wide identity and access management across both Microsoft and Okta platforms. This highly visible role partners closely with teams across the organization, requiring a proactive, innovative mindset and a willingness to think beyond conventional approaches. Operating within an Agile environment, the team moves at pace to adapt to evolving business needs. Our technologists bring a diverse range of expertise and share a commitment to treating technology as a craft, with a strong focus on delivering high‑quality, customer‑centric outcomes. The team underpins critical business services, enabling key functions across the organization to deliver seamless and exceptional user experiences.

Responsibilities:

• Lead, mentor, and develop a team of IAM Engineers, fostering a culture of technical excellence, collaboration, and continuous improvement.
• Define engineering standards, best practices, and technical direction across the IAM platform.
• Provide technical leadership through architecture reviews, design discussions, and coaching.
• Drive project planning, prioritisation, and team capacity planning to ensure successful delivery.
• Contribute to the long‑term IAM strategy and technology roadmap.
• Design, build, and evolve enterprise Identity and Access Management solutions using Okta and Microsoft Entra ID.
• Engineer and automate Joiner, Mover, Leaver (JML) lifecycle processes using Okta Workflows.
• Design and implement secure Single Sign-On (SSO), Multi‑Factor Authentication (MFA), and identity governance solutions.
• Integrate enterprise applications using SAML, OAuth, OpenID Connect (OIDC), SCIM, and other modern authentication standards.
• Engineer and maintain hybrid identity services across Active Directory and Microsoft Entra ID.
• Develop PowerShell automation to improve provisioning, administration, and operational efficiency.
• Own the health, scalability, resilience, and security of the enterprise identity platform.
• Lead the planning, design, and implementation of IAM projects and platform enhancements.
• Produce and maintain technical documentation, architecture diagrams, runbooks, and engineering standards.
• Provide technical guidance during major incidents and act as the escalation point for complex identity‑related issues.
• Collaborate with Security, Infrastructure, Cloud, and Application teams to deliver secure identity solutions.
• Evaluate emerging identity technologies and recommend improvements that enhance security, automation, and user experience.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, or a related discipline (or equivalent practical experience).
• Experience leading or mentoring engineering teams in an enterprise technology environment.
• Strong hands‑on experience engineering enterprise Identity and Access Management solutions.
• 3+ years' experience with Okta Single Sign-On (SSO) and Lifecycle Management.
• 3+ years' experience with Okta Identity Governance (OIG).
• 3+ years' experience designing and building solutions using Okta Workflows.
• 5+ years' experience working with Active Directory in complex enterprise environments.
• Strong knowledge of Active Directory Group Policy and hybrid identity architectures.
• Experience with Microsoft Entra ID (Azure Active Directory).
• Experience with Azure Application Proxy or similar application proxy technologies.
• Strong PowerShell scripting skills with a focus on automation.
• Experience with Microsoft Certificate Services.
• Excellent troubleshooting, analytical, and problem‑solving skills.
• Ability to lead technical initiatives while remaining hands‑on with engineering work.
• Excellent communication and stakeholder management skills.
• Self‑motivated with the ability to work autonomously in a fast‑moving environment.

Desirable:

• ServiceNow
• Splunk
• Basic knowledge of System for Cross‑domain Identity Management (SCIM)

Salary & Benefits:

Base Salary Compensation Range GBP 59,400.00‑82,866.66. Bonus Target: 12.5% annual. Morningstar’s hybrid work environment gives you the opportunity to collaborate in‑person each week as we’ve found that we’re at our best when we’re purposely together. In most of our locations, our hybrid work model is four days in‑office each week. A range of other benefits are also available to enhance flexibility as needs change.

EEO Statement:

Morningstar is strongly committed to creating and preserving equal opportunity for all employees and applicants. We make all employment decisions—including recruitment, hiring, compensation, training, promotion, transfer, discipline, termination, and other personnel matters—without regard to race, color, ancestry, religion, sex, national origin, age, disability, protected veteran status, marital status, sexual orientation, genetic information, citizenship, gender identity and expression, parental status, or other legally protected characteristics or conduct. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please call +1 312 384-3900 or email AskHR@morningstar.com and let us know the nature of your request and your contact information.