IAM System Owner, remote from anywhere in Europe!

Are you passionate about identity and access management in complex, international environments? Do you thrive at the intersection of IT security, governance, and business operations?

Join a global leader in flexible workspace solutions and take ownership of a critical IAM landscape supporting thousands of users worldwide.

The role

Our client is initiating a MidPoint implementation project, and is seeking an experienced Identity and Access Management (IAM) professional to lead the entire program and subsequently own the platform. This is a strategic technical leadership role that combines project delivery, system architecture, and long-term ownership of IAM platforms.

Your Responsibilities

MidPoint Implementation & Ownership

• Lead the end-to-end implementation project for MidPoint, from requirements gathering and design to rollout and stabilization.
• Define architecture, connector strategy, and data flows between MidPoint, AD/Entra, HR systems, SaaS, and business applications.
• Build and implement identity lifecycle workflows (joiner, mover, leaver, entitlement management).
• Configure MidPoint connectors, schema extensions, and provisioning logic.
• Manage project stakeholders, timelines, and deliverables while ensuring secure, scalable, and compliant IAM processes.
• Transition from project lead to system owner, responsible for ongoing operation, maintenance, and upgrades.

Ping Identity (Customer Identity)

• Act as system owner for Ping Identity (PingFederate, PingAccess, PingOne).
• Design and manage SSO, MFA, consent management, and federation services for customer-facing portals and APIs.
• Collaborate with application teams to integrate customer authentication and identity lifecycle processes.
• Ensure high availability and performance of Ping services to support customer-facing workloads.

Collaboration & Integration

• Work in close partnership with the Workforce AD/Entra team, ensuring consistent identity lifecycle between MidPoint and AD/Entra.
• Coordinate with HR, application owners, and Security teams to ensure IAM processes are fully integrated into business operations.
• Support a hybrid identity model, ensuring seamless handoff between authoritative source (MidPoint) and authentication layers (AD/Entra).

Security & Compliance

• Embed Zero Trust identity principles into all IAM solutions.
• Ensure Least Access Privilege Principals are applied using a Roles Based Access Control framework
• Ensure Privilege Access Management and Privilege Identity Management best practices are implemented
• Ensure compliance with Information Security Policy, Access Management Policy & Retention Policy specifically
• Ensure compliance with Information Security and Privacy best practices and regulations such as GDPR, ISO 27001, SOX, and other relevant standards.
• Lead access reviews, entitlement certifications, and audit reporting.
• Implement monitoring, alerting, and incident response for IAM platforms.
• Ensure IAM applications are free from vulnerabilities across the IT Stack (Application, Database, and Infrastructure layers) by working closely with the Security and DevSecOps teams, and implementing recommendations from the various Security tools that IWG utilises.

Automation & Engineering

• Develop automation for IAM workflows using Groovy, PowerShell, or Python.
• Integrate MidPoint and Ping with REST APIs, SCIM endpoints, and business systems.
• Create and maintain technical documentation and playbooks for system operation.

Requirements

• Proven experience in Identity & Access Management (IAM)
• Hands-on implementation experience with Evolveum MidPoint, covering design, deployment, and integration across a hybrid identity landscape.
• Strong knowledge of Active Directory and Microsoft Entra ID integration patterns
• Project leadership experience, having led an IAM implementation from design through rollout, with the ability to collaborate closely with the Workforce AD team, Security, HR, and business stakeholders.
• Expertise in Ping Identity solutions (PingFederate, PingAccess, PingOne) to manage customer authentication, federation, and CIAM processes
• Solid command of identity protocols such as SAML, OAuth2, OpenID Connect, SCIM, and LDAP
• Strong skills in automation and scripting (Groovy, PowerShell, Python), coupled with knowledge of compliance frameworks (GDPR, SOX, ISO 27001)
• Knowledge of cybersecurity policies and procedures
• Ability to collaborate cross-functionally in an international environment
• Strong analytical and problem-solving skills
• Fluent English (written and spoken)

Benefits

• Full-time, permanent contract
• Competitive salary package
• Remote working model
• International, fast-growing corporate environment
• Career growth opportunities within a global organization
• Exposure to enterprise-level IT security and infrastructure

Worldwiders Global Recruitment

Worldwiders is a global B2B-oriented recruitment company that specializes in executive search and specialist recruitment worldwide. Since our journey began in 2016, we have become the go-to partner for tailor-made recruitment solutions, connecting top talent with prestigious opportunities across the globe. With a proven track record of over 5000 successful placements and 400+ satisfied partners in 40+ countries, our expertise ensures that we match each talent and company with the best opportunities to drive career growth and organizational success. 

To cater to specific markets and meet the diverse needs of industries and roles across the globe, we operate through a diverse portfolio of five specialized brands: Nordic Jobs Worldwide, Multilingual Jobs Worldwide, Asian Jobs Worldwide, IT Jobs Worldwide, and our dedicated Executive Search brand. Each brand is uniquely designed to focus on particular markets, ensuring comprehensive and customized recruitment solutions. Contact us today to explore how we can elevate your career or support your recruitment needs.