Identity Access Management Systems Admin in Oxford

This role will be the technical engine behind our IAM platforms, ensuring our digital ecosystem remains secure and accessible. You will lead the deployment of identity solutions, configure integrations, and act as the bridge between our internal IT teams and our external managed service partners.

Duties include but are not limited to:

• Administer and Implement IAM Platforms: Serve as the primary technical owner for our Okta, Active Directory and Microsoft Entra ID environments, ensuring identity lifecycle management is secure, compliant, and efficient.
• Implement the Okta Security Roadmap: Execute hands-on deployments of security improvements, such as configuring device posture checking, patching alignment, and building out refined authentication policies.
• Enhance the End-User Experience: Champion initiatives to reduce user friction, such as optimizing Single Sign-On (SSO), reducing password entry requirements.
• Manage relationship with External Partners: Act as the primary liaison with our managed service provider for OKTA / Microsoft Entra ID / Active Directory. Clearly define operational boundaries, manage escalations, and coordinate with them on complex project work, integrations, and testing environment alignment.
• Liaise with internal teams: Liaise with infosec, architecture, infrastructure and support. Acting as the champion for IAM and ensuring that the processes and guidelines are respected.
• Ensure QA and Testing Integrity: Manage the quality assurance process for IAM rollouts. Maintain testing and production environments to enable robust testing and reliable deployments into production.
• Develop Technical Documentation: Create and maintain clear, user-friendly technical documentation and ticket-raising guidelines for ONTRC/SharePoint.
• SSO integrations: Implement and manage SSO integration and SCIM provisioning for SaaS and other applications.

PERSON SPECIFICATION

Essential

• Qualifications/ Education: Relevant certifications in Okta (e.g., Okta Certified Professional/Administrator) or equivalent in Microsoft Security/Identity.

Experience:

• Strong IAM Foundation: Demonstrable experience managing Identity and Access Management platforms.
• Integration & Troubleshooting: Proven experience integrating third-party applications with identity providers via SAML, OIDC and API integrations.
• Testing & QA: Experience maintaining and migrating configurations between testing/QA environments and production.
• Okta Expertise: Hands-on experience administering Okta (highly desirable, though candidates with strong alternative IAM backgrounds and a willingness to learn Okta will be considered).
• Other IDPs: Experience with other Identity Providers (e.g. Ping Identity, ForgeRock, Auth0, Keycloak, or Google Cloud Identity) would be highly beneficial.
• Okta Realms: Experience managing and configuring identity Realms will be considered a strong differentiator.
• Vendor Management: Experience working alongside or directing external managed service providers (MSPs).

Knowledge/Skills/ Abilities:

• Solid understanding of Active Directory and Microsoft Entra ID.
• Solid hands-on understanding of authentication and authorization protocols including SAML, OAuth 2.0, and OpenID Connect (OIDC).
• You are passionate about finding inefficiencies in the user journey and building elegant, secure solutions to fix them (e.g., reducing password fatigue).
• You possess strong communication skills and can clearly translate complex IAM changes to end-users through company-wide communications and training.
• Security-First Mindset: A highly security-conscious approach to access management and system configuration.

Attitude/Other Requirements: You are proactive; you do more than just fix urgent issues; you look ahead at the roadmap to make the platform better and more secure.