IAM System Owner

About IWG

We’re changing the world of work. We believe that business success is underpinned by the effectiveness of its people. So, we made it our mission to help millions of people have a great day at work – every day. With locations in practically every country, city, town and transport hub, and options ranging from an hour’s coworking to multi-year office space leases, we enable people and businesses to work where, when and how they want.

Technology in IWG

We’re focused on delivering seamless digital propositions which allow customers to instantly manage their requirements and position IWG as the “Digital First” workspace provider. As early adopters of the latest technologies - whether it be Artificial Intelligence, Office IoT, Data or IOT Solutions - we create business value and are constantly striving to find new and improved ways to help our customers. Which is why we’re always on the look-out for intelligent, energetic, self-motivated, and curious individuals. We want to bring about a global workspace revolution and want you to help.

https://www.iwgplc.com/

The role

We are initiating our MidPoint implementation project and are seeking an experienced Identity and Access Management (IAM) professional to lead the entire program and subsequently own the platform. The candidate must have hands-on implementation experience with Evolveum MidPoint, covering design, deployment, and integration across a hybrid identity landscape.

In addition to MidPoint, the candidate will also be responsible for governance and ownership of our Ping Identity platform for customer-facing identity services (CIAM), while collaborating closely with the Workforce Active Directory/Entra team.

This is a strategic technical leadership role that combines project delivery, system architecture, and long-term ownership of IAM platforms.

What you’ll need to succeed

To succeed in this role, you will need hands-on experience implementing and operating Evolveum MidPoint, including connector configuration, workflow design, and lifecycle automation, as well as strong knowledge of Active Directory and Microsoft Entra ID integration patterns. You should bring proven project leadership experience, having led an IAM implementation from design through rollout, with the ability to collaborate closely with the Workforce AD team, Security, HR, and business stakeholders. Success also requires expertise in Ping Identity solutions (PingFederate, PingAccess, PingOne) to manage customer authentication, federation, and CIAM processes, along with a solid command of identity protocols such as SAML, OAuth2, OpenID Connect, SCIM, and LDAP. Strong skills in automation and scripting (Groovy, PowerShell, Python), coupled with knowledge of compliance frameworks (GDPR, SOX, ISO 27001), will ensure you can deliver a secure, scalable, and future-proof IAM ecosystem

Key Responsibilities

MidPoint Implementation & Ownership

• Lead the end-to-end implementation project for MidPoint, from requirements gathering and design to rollout and stabilization.
• Define architecture, connector strategy, and data flows between MidPoint, AD/Entra, HR systems, SaaS, and business applications.
• Build and implement identity lifecycle workflows (joiner, mover, leaver, entitlement management).
• Configure MidPoint connectors, schema extensions, and provisioning logic.
• Manage project stakeholders, timelines, and deliverables while ensuring secure, scalable, and compliant IAM processes.
• Transition from project lead to system owner, responsible for ongoing operation, maintenance, and upgrades.

Ping Identity (Customer Identity)

• Act as system owner for Ping Identity (PingFederate, PingAccess, PingOne).
• Design and manage SSO, MFA, consent management, and federation services for customer-facing portals and APIs.
• Collaborate with application teams to integrate customer authentication and identity lifecycle processes.
• Ensure high availability and performance of Ping services to support customer-facing workloads.

Collaboration & Integration

• Work in close partnership with the Workforce AD/Entra team, ensuring consistent identity lifecycle between MidPoint and AD/Entra.
• Coordinate with HR, application owners, and Security teams to ensure IAM processes are fully integrated into business operations.
• Support a hybrid identity model, ensuring seamless handoff between authoritative source (MidPoint) and authentication layers (AD/Entra).

Security & Compliance

• Embed Zero Trust identity principles into all IAM solutions.
• Ensure Least Access Privilege Principals are applied using a Roles Based Access Control framework
• Ensure Privilege Access Management and Privilege Identity Management best practices are implemented
• Ensure compliance with IWG’s Information Security Policy, Access Management Policy & Retention Policy specifically
• Ensure compliance with Information Security and Privacy best practices and regulations such as GDPR, ISO 27001, SOX, and other relevant standards.
• Lead access reviews, entitlement certifications, and audit reporting.
• Implement monitoring, alerting, and incident response for IAM platforms.
• Ensure IAM applications are free from vulnerabilities across the IT Stack (Application, Database, and Infrastructure layers) by working closely with the Security and DevSecOps teams, and implementing recommendations from the various Security tools that IWG utilises.

Automation & Engineering

• Develop automation for IAM workflows using Groovy, PowerShell, or Python.
• Integrate MidPoint and Ping with REST APIs, SCIM endpoints, and business systems.
• Create and maintain technical documentation and playbooks for system operation.

Required Skills & Experience

• Proven experience implementing Evolveum MidPoint in an enterprise environment (from design through to production rollout).
• Strong hands-on skills in MidPoint configuration, workflows, connectors, schema design, and provisioning automation.
• Knowledge of Active Directory/Entra ID integration patterns and hybrid identity models.
• Expertise with Ping Identity solutions (PingFederate, PingAccess, PingOne) for customer identity management.
• Deep understanding of identity protocols: SAML 2.0, OAuth2, OpenID Connect, SCIM, LDAP.
• Experience integrating IAM with HR/ERP systems, SaaS platforms, and on-prem apps.
• Scripting/automation experience (Groovy, PowerShell, Python).
• Familiarity with compliance frameworks and IAM audit practices.
• Knowledge of cybersecurity policies and procedures
• Knowledge of privacy principles and practices
• Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
• Knowledge of enterprise architecture (EA) reference models and frameworks

Nice to Have

• Experience leading IAM transformation programs or greenfield IAM implementations.
• Knowledge of Privileged Access Management (PAM) and API security.
• Familiarity with DevOps/GitOps practices for IAM configuration management.
• Certifications such as Ping Identity Certified Professional, Microsoft Identity & Access Administrator, CIAM certifications, CISSP.