Cloud Identity Administrator - Associate

iCapital is powering the world’s alternative investment marketplace. Our financial technology platform has transformed how advisors, wealth management firms, asset managers, and banks evaluate and recommend bespoke public and private market strategies for their high-net-worth clients. iCapital services approximately $214 billion in global client assets invested in 1,731 funds, as of December 2024.

iCapital has been named to the Forbes Fintech 50 for seven consecutive years (2018-2024); a three-time selection by Forbes to its list of Best Startup Employers (2021-2023); and a four-time winner of MMI/Barron’s Solutions Provider award (See link below). 

About the Role

iCapital is looking to hire a Cloud IAM Engineer to join the Corporate Technology department, whose mission is to empower individuals across the company with reliable and innovative technology. The Cloud IAM Engineer role is a technical position which will support our governance tools Saviynt and Okta along with Microsoft Entra ID. This role is responsible for managing and maintaining our identity governance platforms, creating and granting access to new users and non-human accounts, creating and maintaining birthright entitlements for departments and roles, leading recertification initiatives, deploying single sign-on applications, troubleshooting access and permission related requests, and maintaining an efficient user lifecycle management program.

In addition to these responsibilities, this role also requires IAM-related governance of our cloud environments and third-party applications which includes reviewing stale access, reducing over-privileged access etc. This role is supported by both the Corporate Technology and the Corporate Applications and Security departments.

Responsibilities

• Drive our IAM governance program as a highly technical individual by managing and maintaining our primary software, Saviynt and Okta.
• Implement and suggest best practices and more efficient workflows within our current environment. Identify gaps and recommend solutions to enhance internal processes.
• Collaborate across iCapital with department leads, management, senior technical engineers, and Information Security to ensure a secure and reliable IAM environment.
• Create and maintain automation pipelines within Saviynt and Okta via built-in tools and Terraform.
• Ensure a reliable user lifecycle management program where you will oversee user provisioning, deprovisioning, and access changes, ensuring accuracy and timeliness.
• Manage employee and service account access within Microsoft Entra ID and across other Corporate Technology owned third-party applications.
• Have a broad understanding of Information Technology, especially in relation to onboarding and offboarding processes.

Qualifications

• Bachelor’s degree in computer science, information technology, information security or equivalent work experience within the Information Technology field
• 4+ years of experience within Identity and Access Management related positions
• 2-4 years of experience with Identity management and governance tools like Sailpoint, Saviynt, Ping, Okta, and Microsoft Entra ID
• Experience with managing and maintaining birthright entitlements and privileged identity management (PIM)
• Experience with SAML and Oauth single sign-on applications within Okta, as well as auto-provisioning and SCIM
• Familiar with directory services and identity federation
• Experience with Terraform and IaC concepts
• Hands-on experience with maintaining role-based access for provisioning and entitlements
• Strong understanding of IAM and cloud governance practices and concepts
• Able to deliver clear and concisely written documentation for internal use across the company
• Able to speak confidently on topics related to the role's responsibilities
• Experience working in a regulated and secure environment where due diligence is required

• Certifications related to cloud platforms or Identity and Access Management are preferred
• Experience with cloud-native security tools and platforms is preferred
• Professional and calm attitude with a willingness to learn and develop towards a senior Cloud IAM Engineer

• Able to work independently when needed as well as work alongside department leaders, senior technical employees, and management level employees
• Excellent communication skills both written and verbal with technical and non-technical audiences
• Strong critical thinking and a detail orientated skillset

Benefits

The base salary range for this role is $100,000 to $125,000. iCapital offers a compensation package which includes salary, equity for all full-time employees, and an annual performance bonus. Employees also receive a comprehensive benefits package that includes an employer matched retirement plan, generously subsidized healthcare with 100% employer paid dental, vision, telemedicine, and virtual mental health counseling, parental leave, and unlimited paid time off (PTO).

We believe the best ideas and innovation happen when we are together. Employees in this role will work in the office Monday-Thursday, with the flexibility to work remotely on Friday.

For additional information on iCapital, please visit https://www.icapitalnetwork.com/about-us  Twitter: @icapitalnetwork | LinkedIn: https://www.linkedin.com/company/icapital-network-inc | Awards Disclaimer: https://www.icapitalnetwork.com/about-us/recognition/

iCapital is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender, sexual orientation, gender identity, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.