IAM - System Owner at International Workplace Group plc
About IWG – We’re changing the world of work. We believe that business success is underpinned by the effectiveness of its people. With locations in practically every country, city, town and transport hub, we enable people and businesses to work where, when and how they want.
Role overview
The role is to lead the MidPoint implementation project and subsequently own the platform. The candidate must have hands-on implementation experience with Evolveum MidPoint, covering design, deployment, and integration across a hybrid identity landscape. The role also includes governance and ownership of our Ping Identity platform for customer-facing identity services (CIAM), in collaboration with the Workforce Active Directory/Entra team. This is a strategic technical leadership role combining project delivery, system architecture, and long-term IAM ownership.
What you’ll need to succeed
To succeed in this role, you will need hands-on experience implementing and operating Evolveum MidPoint, including connector configuration, workflow design, and lifecycle automation, as well as strong knowledge of Active Directory and Microsoft Entra ID integration patterns. You should bring proven project leadership experience, having led an IAM implementation from design through rollout, with the ability to collaborate closely with the Workforce AD team, Security, HR, and business stakeholders. You should also have expertise in Ping Identity solutions (PingFederate, PingAccess, PingOne) to manage customer authentication, federation, and CIAM processes, and a solid command of identity protocols such as SAML, OAuth2, OpenID Connect, SCIM, and LDAP. Finally, you should have strong automation and scripting skills (Groovy, PowerShell, Python), along with knowledge of compliance frameworks (GDPR, SOX, ISO 27001).
Key Responsibilities
- MidPoint Implementation & Ownership: Lead the end-to-end implementation project for MidPoint, from requirements gathering and design to rollout and stabilization.
- Architecture & Data Flows: Define architecture, connector strategy, and data flows between MidPoint, AD/Entra, HR systems, SaaS, and business applications.
- Identity Lifecycle: Build and implement identity lifecycle workflows (joiner, mover, leaver, entitlement management).
- Provisioning: Configure MidPoint connectors, schema extensions, and provisioning logic.
- Governance & Delivery: Manage project stakeholders, timelines, and deliverables while ensuring secure, scalable, and compliant IAM processes.
- Ownership Transition: Transition from project lead to system owner, responsible for ongoing operation, maintenance, and upgrades.
- Ping Identity (Customer Identity): Act as system owner for Ping Identity (PingFederate, PingAccess, PingOne).
- SSO & MFA: Design and manage SSO, MFA, consent management, and federation services for customer-facing portals and APIs.
- Collaboration: Collaborate with application teams to integrate customer authentication and identity lifecycle processes.
- Availability: Ensure high availability and performance of Ping services to support customer-facing workloads.
- Collaboration & Integration: Work with Workforce AD/Entra team to ensure consistent identity lifecycle between MidPoint and AD/Entra.
- Business Integration: Coordinate with HR, application owners, and Security teams for full IAM integration into business operations.
- Hybrid Identity: Support a hybrid identity model with seamless handoff between MidPoint and authentication layers (AD/Entra).
- Security & Compliance: Embed Zero Trust identity principles; apply Least Privilege using RBAC; implement Privileged Access Management (PAM) and Privileged Identity Management (PIM).
- Policy & Compliance: Ensure compliance with IWG’s Information Security Policy, Access Management Policy & Retention Policy, GDPR, ISO 27001, SOX, and related standards.
- Auditing & Monitoring: Lead access reviews, entitlement certifications, and audit reporting; implement monitoring, alerting, and incident response for IAM platforms.
- Security Collaboration: Work with Security and DevSecOps to keep IAM applications free of known vulnerabilities, implementing the findings and recommendations produced by security tooling.
- Automation & Engineering: Develop automation for IAM workflows using Groovy, PowerShell, or Python; integrate MidPoint and Ping with REST APIs and SCIM endpoints; create and maintain technical docs and playbooks.
Required Skills & Experience
- Proven experience implementing Evolveum MidPoint in an enterprise environment.
- Strong MidPoint configuration, workflows, connectors, schema design, and provisioning automation.
- Knowledge of AD/Entra integration patterns.
- Expertise with Ping Identity.
- Deep understanding of SAML 2.0, OAuth2, OpenID Connect, SCIM, and LDAP.
- Experience integrating IAM with HR/ERP, SaaS, and on-prem applications.
- Scripting/automation experience.
- Familiarity with compliance and audit practices.
- Knowledge of cybersecurity, privacy principles, and BCDR.
Nice to Have
- Experience leading IAM transformation programs.
- Knowledge of PAM and API security.
- Familiarity with DevOps/GitOps for IAM configuration management.
- Certifications such as Ping Identity Certified Professional, Microsoft Identity & Access Administrator, CIAM, or CISSP.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Location
Warsaw, Mazowieckie, Poland