20 Access Management jobs in the United Kingdom

Senior Identity & Access Management Engineer
Job Description:
Reporting to the Infrastructure Team Manager or Functional Director, the Senior Identity & Access Management Engineer is responsible for delivering and supporting high-quality services and systems that enable and empower our colleagues across the organisation. As a key technical contributor, the Senior IAM Engineer plays an important role in designing, implementing, and maintaining identity and infrastructure solutions through strong collaboration within the team and across Sage.
You will work as part of a supportive and experienced team, where you'll receive the coaching and development needed to succeed in your role, while also contributing your expertise to mentor junior team members and share best practices. You will support the delivery of projects and continuous improvement initiatives, working closely with peers and stakeholders to ensure high standards of quality, reliability, and performance.
You will work closely with the Principal Identity Engineer to help define and deliver our strategy and Roadmap. Supporting his technical vision with your extensive experience.
*** Please note this is a hybrid role - you will work 3 days a week from our Newcastle office. ***
Key Responsibilities:
Key Responsibilities include:
o Delivery and maintenance of robust technical solutions, including the configuration and management of both on-premise and cloud-based systems such as Entra ID, Active Directory, and supporting services like Multi-Factor Authentication, Conditional Access, Public Key Infrastructure, and DNS.
o Use of scripting and automation tools, particularly PowerShell, to streamline identity and access management operations and develop efficient, repeatable workflows
o Contributing to all phases of project delivery, including technical design, implementation, configuration, and documentation, while collaborating with technical leads and stakeholders throughout the lifecycle.
o Appling security best practices to identity and access management, including security hardening, privileged access controls, and audit measures, helping to ensure systems are secure and compliant.
o Collaborating effectively with cross-functional teams, aligning identity solutions with business and security requirements. Communicate clearly with both technical and non-technical stakeholders to ensure shared understanding and alignment.
o Commitment to staying updated on industry trends, emerging technologies and advancements in cloud identity and access management. Proactive in seeking out professional development opportunities.
o Being curious with a growth mindset and a proven ability to troubleshoot and resolve complex issues with experience in root cause analysis and the development of preventive measures to enhance system reliability.
o Supporting adoption of new technologies and tools, assisting with evaluations and sharing insights with the wider team to drive innovation and continuous improvement.
Requirements:
o Extensive experience with Active Directory and Entra ID, specifically areas like Conditional Access / Identity Protection / MFA / Domain Controllers / DNS / DHCP.
o Knowledge of Securing Identity Platforms such as Privileged Identity Management (PIM) and Role-based Access Control (RBAC).
o Familiarity with security tools and practices such as, Entra ID Governance, Defender for Identity, Microsoft Sentinel, Group Policy hardening, and Secure LDAP.
o Knowledge of Azure Security Centre features related to identity security.
o Proficiency in implementing and managing Entra ID B2B for external user collaboration.
o Experience with Entra Connect for integrating on-premise Active Directory with Entra ID.
o Proficiency in scripting languages such as PowerShell for automating Entra ID tasks and configurations.
o Experience with Infrastructure as Code (IaC) tools for managing Azure resources.
o Knowledge of Entra ID Graph API and Microsoft Graph API for programmatically managing Entra ID resources.
o Understanding of DNS principles, design and configuration.
o Integration of DNS services with Active Directory and Entra ID for name resolution and identity verification.
o Experience with implementing and managing Public Key Infrastructure (PKI) solutions.
o Knowledge of digital certificate management, including issuance, renewal, and revocation processes.
#LI-JM2
Function:
IT
Country:
United Kingdom
Office Location:
Newcastle
Work Place type:
Hybrid
Advert
Working at Sage means you're supporting millions of small and medium sized businesses globally with technology to work faster and smarter. We leverage the future of AI, meaning business owners spend less time doing routine tasks, like entering invoices and generating reports, and more time pursuing their ambitions.
Our colleagues are the best of the best. It's why we were awarded 2024 Best Places to Work by Glassdoor. Because to achieve extraordinary outcomes, we need extraordinary teams. This means infusing Sage with people who knock down barriers, continuously innovate, and want to experience their potential.
Learn more about working at Sage:sage.com/en-gb/company/careers/working-at-sage/
Watch a video about our culture:youtube.com/watch?v=qIoiCpZH-QE
We celebrate individuality and welcome you to join us if you embrace all backgrounds, identities, beliefs, and ways of working. If you need support applying, reach out
Learn more about DEI at Sage:sage.com/en-gb/company/careers/diversity-equity-and-inclusion/
Equal Employment Opportunity (EEO)
Sage is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities.
In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Sage will be based on merit, qualifications, and abilities. Sage does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, protected disability, veteran status, sexual orientation, gender identity, genetic information, or any other characteristic protected by applicable law.

**Do you want your voice heard and your actions to count?**



Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the worldu2019s leading financial groups. Across the globe, weu2019re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.



With a vision to be the worldu2019s most trusted financial group, itu2019s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.



Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.



**Overview of the Department/Section**



**Technology EMEA** currently consists of the following departments:


EMEA Markets Engineering
Corporate Investment & Transaction Banking Technology
Middle & Back Office Technology
Planning, Reporting, Administration & Head Office Liaison
Service Management
Infrastructure
Architecture, Middleware, Data Management & Enterprise Services
**IT Risk, Security & Control (RSC)**
Delivery for EMEA Branches
Technology Innovation Management



The Access Management, Policy & Reporting team sits within the IT Risk, Security & Control Department. The team is responsible for the following:


Provision of access for IT systems across MUFG Bank & EMEA Offices and MUFG Securities EMEA
Identity Access management process including Joiner, Mover, Leaver of identities and access reviews.
Folder access management.
Management and maintenance of all Technology core documentation (Bank and Securities Policies, Technical Standards, Procedures and Processes within the remit of the Head of Technology for Bank EMEA and the International Head of Technology for Securities/CIO.



The team is also responsible for submitting data to the Quarterly Business Review (QBR) Global Leads for selected regions and producing IT reports for senior management and the Board.



The Team reports directly to the Head of IT Risk, Security & Control.



**Main Purpose of the Role:**



In this role, you will be responsible for enforcing company policies and procedures related to identity and access management across MUFGu2019s banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.



The candidate should have a good understanding of governance structures within the financial technology sector as well as knowledge of the key technical frameworks and audit requirements. In addition, the candidate is expected to have demonstrable communication and team-working skills. The candidate should also be willing provide ad-hoc support to the wider RSC teams.



**Key Responsibilities:**


Provide engineering support for Privileged Access Management (CyberArk) and Identity Access Management (RSA IGL) application.
Create and mature access reviews in the Identity Access Management application.
Represent the team in meetings to gather business requirement and lead on solutions as required.
Develop and mature folder access process.
Mature and implement privileged access controls
Investigate and closure of raised incidents assigned to team.
Manage queries relating to application operations including password and access issues etc.
Follow up with required approvers/stakeholders for approvals or clarifications through phone, email or tickets.
Contribute to the Knowledge Management Database. Record events and problems and their resolution in knowledge base/SOP.
Read and review the standard operating procedures and required training materials. Create additional documentation, as needed to support processes.
Identify and suggest possible improvements on procedures.
Engage in knowledge transfer session for any newly on boarded application that comes under the scope of user access management.
Follow-up and update relevant trackers and systems.
Define and communicate access role ownership accountabilities for business applications.
Identify vulnerabilities and gaps in identity access management operations and privileged access management operation process.
Creating KPIs for BAU processes.
Experience with active directory management of accounts and groups.
Experience in enforcing u2018least privilegeu2019 methodology for all access provisioning.
Ability to create reports with custom SQL queries
Investigate workflow errors including API issues with ServiceNow



**Qualifications & Experience**



**_Essential_**


Minimum Overall experience of 3-4 years in Access Management area.
Practical experience of CyberArk and RSA IGL or other applications
Experience using SQL/ PSQ and Oracle
Practical experience Web services protocols REST/SOAP.
Practical experience with JAVA/JSP
Practical experience with web development basics like HTML, CS, JS .
Maintain and upgrade Linux/Windows servers and databases SQL/Oracle
Excellent attention to detail and accuracy
Excellent communication skills, both written and spoken (Proficiency in English).
Excellent interpersonal skills.
The ability to multitask, manage large workloads and tight deadlines.
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly.
Strong decision making skills, the ability to demonstrate sound judgement.
Incident management/resolution processes.
Good to excellent understanding of computer systems and other tech products.
Good to excellent practical experience of Microsoft Office (Inc Visio).
Knowledge and experience of scripting in PowerShell.
Knowledge of IAM tool preferably RSA IGL.
Results driven, with a strong sense of accountability.
Process driven.
A calm approach, with the ability to perform well in a pressurized environment.
Experience working in IAM team.
Participate in IAM audit and review access control reports to identify potential risks.
Business facing experience.



**_Desirable_**


Knowledge of Technical/Cyber Security risk frameworks (e.g. ISO27001, NIST, FFIEC)
Experience of documenting IAM processes and procedures.
Flexibility in working in a 24/7 shift model
Risk Management processes.
Incident management.
Splunk experience.
ServiceNow experience.
Technical graduate.



We are open to considering flexible working requests in line with organisational requirements.



MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.



We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.



At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!



**Our Culture Principles**


Client Centric
People Focused
Listen Up. Speak Up.
Innovate & Simplify
Own & Execute

**Do you want your voice heard and your actions to count?**



Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the worldu2019s leading financial groups. Across the globe, weu2019re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.



With a vision to be the worldu2019s most trusted financial group, itu2019s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.



Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.



**Overview of the Department/Section**



**Technology EMEA** currently consists of the following departments:


EMEA Markets Engineering
Corporate Investment & Transaction Banking Technology
Middle & Back Office Technology
Planning, Reporting, Administration & Head Office Liaison
Service Management
Infrastructure
Architecture, Middleware, Data Management & Enterprise Services
**IT Risk, Security & Control (RSC)**
Delivery for EMEA Branches
Technology Innovation Management



The Access Management, Policy & Reporting team sits within the IT Risk, Security & Control Department. The team is responsible for the following:


Provision of access for IT systems across MUFG Bank & EMEA Offices and MUFG Securities EMEA
Identity Access management process including Joiner, Mover, Leaver of identities and access reviews.
Folder access management.
Management and maintenance of all Technology core documentation (Bank and Securities Policies, Technical Standards, Procedures and Processes within the remit of the Head of Technology for Bank EMEA and the International Head of Technology for Securities/CIO.



The team is also responsible for submitting data to the Quarterly Business Review (QBR) Global Leads for selected regions and producing IT reports for senior management and the Board.



The Team reports directly to the Head of IT Risk, Security & Control.



**Main Purpose of the Role:**



In this role, you will be responsible for enforcing company policies and procedures related to identity and access management across MUFGu2019s banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.



The candidate should have a good understanding of governance structures within the financial technology sector as well as knowledge of the key technical frameworks and audit requirements. In addition, the candidate is expected to have demonstrable communication and team-working skills. The candidate should also be willing provide ad-hoc support to the wider RSC teams.



**Key Responsibilities:**


Provide engineering support for Privileged Access Management (CyberArk) and Identity Access Management (RSA IGL) application.
Create and mature access reviews in the Identity Access Management application.
Represent the team in meetings to gather business requirement and lead on solutions as required.
Develop and mature folder access process.
Mature and implement privileged access controls
Investigate and closure of raised incidents assigned to team.
Manage queries relating to application operations including password and access issues etc.
Follow up with required approvers/stakeholders for approvals or clarifications through phone, email or tickets.
Contribute to the Knowledge Management Database. Record events and problems and their resolution in knowledge base/SOP.
Read and review the standard operating procedures and required training materials. Create additional documentation, as needed to support processes.
Identify and suggest possible improvements on procedures.
Engage in knowledge transfer session for any newly on boarded application that comes under the scope of user access management.
Follow-up and update relevant trackers and systems.
Define and communicate access role ownership accountabilities for business applications.
Identify vulnerabilities and gaps in identity access management operations and privileged access management operation process.
Creating KPIs for BAU processes.
Experience with active directory management of accounts and groups.
Experience in enforcing u2018least privilegeu2019 methodology for all access provisioning.
Ability to create reports with custom SQL queries
Investigate workflow errors including API issues with ServiceNow



**Qualifications & Experience**



**_Essential_**


Minimum Overall experience of 3-4 years in Access Management area.
Practical experience of CyberArk and RSA IGL or other applications
Experience using SQL/ PSQ and Oracle
Practical experience Web services protocols REST/SOAP.
Practical experience with JAVA/JSP
Practical experience with web development basics like HTML, CS, JS .
Maintain and upgrade Linux/Windows servers and databases SQL/Oracle
Excellent attention to detail and accuracy
Excellent communication skills, both written and spoken (Proficiency in English).
Excellent interpersonal skills.
The ability to multitask, manage large workloads and tight deadlines.
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly.
Strong decision making skills, the ability to demonstrate sound judgement.
Incident management/resolution processes.
Good to excellent understanding of computer systems and other tech products.
Good to excellent practical experience of Microsoft Office (Inc Visio).
Knowledge and experience of scripting in PowerShell.
Knowledge of IAM tool preferably RSA IGL.
Results driven, with a strong sense of accountability.
Process driven.
A calm approach, with the ability to perform well in a pressurized environment.
Experience working in IAM team.
Participate in IAM audit and review access control reports to identify potential risks.
Business facing experience.



**_Desirable_**


Knowledge of Technical/Cyber Security risk frameworks (e.g. ISO27001, NIST, FFIEC)
Experience of documenting IAM processes and procedures.
Flexibility in working in a 24/7 shift model
Risk Management processes.
Incident management.
Splunk experience.
ServiceNow experience.
Technical graduate.



We are open to considering flexible working requests in line with organisational requirements.



MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.



We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.



At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!



**Our Culture Principles**


Client Centric
People Focused
Listen Up. Speak Up.
Innovate & Simplify
Own & Execute

**Do you want your voice heard and your actions to count?**
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
**Overview of the Department/Section**
**Technology EMEA** currently consists of the following departments:
+ EMEA Markets Engineering
+ Corporate Investment & Transaction Banking Technology
+ Middle & Back Office Technology
+ Planning, Reporting, Administration & Head Office Liaison
+ Service Management
+ Infrastructure
+ Architecture, Middleware, Data Management & Enterprise Services
+ **IT Risk, Security & Control (RSC)**
+ Delivery for EMEA Branches
+ Technology Innovation Management
The Access Management, Policy & Reporting team sits within the IT Risk, Security & Control Department. The team is responsible for the following:
+ Provision of access for IT systems across MUFG Bank & EMEA Offices and MUFG Securities EMEA
+ Identity Access management process including Joiner, Mover, Leaver of identities and access reviews.
+ Folder access management.
+ Management and maintenance of all Technology core documentation (Bank and Securities Policies, Technical Standards, Procedures and Processes within the remit of the Head of Technology for Bank EMEA and the International Head of Technology for Securities/CIO.
The team is also responsible for submitting data to the Quarterly Business Review (QBR) Global Leads for selected regions and producing IT reports for senior management and the Board.
The Team reports directly to the Head of IT Risk, Security & Control.
**Main Purpose of the Role:**
In this role, you will be responsible for enforcing company policies and procedures related to identity and access management across MUFG's banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.
The candidate should have a good understanding of governance structures within the financial technology sector as well as knowledge of the key technical frameworks and audit requirements. In addition, the candidate is expected to have demonstrable communication and team-working skills. The candidate should also be willing provide ad-hoc support to the wider RSC teams.
**Key Responsibilities:**
+ Provide engineering support for Privileged Access Management (CyberArk) and Identity Access Management (RSA IGL) application.
+ Create and mature access reviews in the Identity Access Management application.
+ Represent the team in meetings to gather business requirement and lead on solutions as required.
+ Develop and mature folder access process.
+ Mature and implement privileged access controls
+ Investigate and closure of raised incidents assigned to team.
+ Manage queries relating to application operations including password and access issues etc.
+ Follow up with required approvers/stakeholders for approvals or clarifications through phone, email or tickets.
+ Contribute to the Knowledge Management Database. Record events and problems and their resolution in knowledge base/SOP.
+ Read and review the standard operating procedures and required training materials. Create additional documentation, as needed to support processes.
+ Identify and suggest possible improvements on procedures.
+ Engage in knowledge transfer session for any newly on boarded application that comes under the scope of user access management.
+ Follow-up and update relevant trackers and systems.
+ Define and communicate access role ownership accountabilities for business applications.
+ Identify vulnerabilities and gaps in identity access management operations and privileged access management operation process.
+ Creating KPIs for BAU processes.
+ Experience with active directory management of accounts and groups.
+ Experience in enforcing 'least privilege' methodology for all access provisioning.
+ Ability to create reports with custom SQL queries
+ Investigate workflow errors including API issues with ServiceNow
**Qualifications & Experience**
**_Essential_**
+ Minimum Overall experience of 3-4 years in Access Management area.
+ Practical experience of CyberArk and RSA IGL or other applications
+ Experience using SQL/ PSQ and Oracle
+ Practical experience Web services protocols REST/SOAP.
+ Practical experience with JAVA/JSP
+ Practical experience with web development basics like HTML, CS, JS .
+ Maintain and upgrade Linux/Windows servers and databases SQL/Oracle
+ Excellent attention to detail and accuracy
+ Excellent communication skills, both written and spoken (Proficiency in English).
+ Excellent interpersonal skills.
+ The ability to multitask, manage large workloads and tight deadlines.
+ A proactive, motivated approach.
+ The ability to operate with urgency and prioritise work accordingly.
+ Strong decision making skills, the ability to demonstrate sound judgement.
+ Incident management/resolution processes.
+ Good to excellent understanding of computer systems and other tech products.
+ Good to excellent practical experience of Microsoft Office (Inc Visio).
+ Knowledge and experience of scripting in PowerShell.
+ Knowledge of IAM tool preferably RSA IGL.
+ Results driven, with a strong sense of accountability.
+ Process driven.
+ A calm approach, with the ability to perform well in a pressurized environment.
+ Experience working in IAM team.
+ Participate in IAM audit and review access control reports to identify potential risks.
+ Business facing experience.
**_Desirable_**
+ Knowledge of Technical/Cyber Security risk frameworks (e.g. ISO27001, NIST, FFIEC)
+ Experience of documenting IAM processes and procedures.
+ Flexibility in working in a 24/7 shift model
+ Risk Management processes.
+ Incident management.
+ Splunk experience.
+ ServiceNow experience.
+ Technical graduate.
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!
**Our Culture Principles**
+ Client Centric
+ People Focused
+ Listen Up. Speak Up.
+ Innovate & Simplify
+ Own & Execute

Job Title: Access Management Engineers

Location: Coventry/Birmingham, UK (Hybrid)

Duration: 6-month contract under Inside IR35

Working Mode: Hybrid (3 days onsite a week)

Job description:

Key Responsibilities:

• Lead the design, build, and validation of refreshed mission-critical Active Directory infrastructure, including an upgrade to the latest functional levels. This

will involve patching and securing Windows Server 2022 Core OS, ensuring compatibility with modern systems and security standards.

• Manage and support Entra ID pilot initiatives in a development environment, including AWS Workspaces and Win11 devices. Ensure smooth configuration

and integration of AD/Entra products within this environment.

• Act as a trusted advisor on the design and implementation of IAM solutions, providing in-depth expertise on how core desktop, infrastructure, cloud, and

network landscapes integrate with IAM processes and workflows.

• Develop and drive the IAM roadmap, ensuring a balance between functional requirements, cost, service quality, and system management.

• Collaborate closely with cross-functional teams (security, cloud, network, infrastructure, etc.) to deliver seamless IAM solutions across all environments,

ensuring consistent application of best practices for identity governance, authentication, and access management.

• Lead IAM-related infrastructure projects, from planning and design to execution and post-implementation support, with a focus on scalability, security, and

compliance.

• Provide expertise in Active Directory and related technologies, guiding the technical team on complex challenges and identifying solutions to optimize

access management workflows.

• Review and refine IAM policies and processes to ensure compliance with security standards, regulatory requirements, and organizational needs.

• Continuously monitor and enhance IAM solutions, proactively identifying opportunities for improvement or optimization within the environment.

• Troubleshoot and resolve IAM-related incidents and issues, providing timely and effective support to internal teams

Required Skills and Experience:

• Strong experience in Active Directory design, implementation, and management, with a deep understanding of AD

functional levels, replication, and security best practices.

• Proven expertise in Windows Server 2022 Core OS, including patch management and hardening.

• Solid knowledge and hands-on experience with Entra ID (Azure AD) and cloud-based identity management solutions

(AWS, Azure).

• Experience working with modern desktop environments (e.g., Windows ) and enterprise IT infrastructure, including cloud

platforms like AWS.

• Proficiency in configuring, troubleshooting, and integrating IAM solutions across hybrid cloud environments.

• Demonstrated ability to lead technical projects, collaborating with multiple teams to deliver IAM solutions on time and

within scope.

• Strong understanding of IAM principles, including authentication, authorization, role-based access control (RBAC), and

identity governance.

• Experience in system security, risk management, and compliance frameworks (e.g., GDPR, NIST, ISO 27001).

• Excellent problem-solving skills and the ability to manage complex technical issues under pressure.

• Strong communication skills, with the ability to explain complex IAM concepts to both technical and non-technical

stakeholders.

**Do you want your voice heard and your actions to count?**



Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the worldu2019s leading financial groups. Across the globe, weu2019re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.



With a vision to be the worldu2019s most trusted financial group, itu2019s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.



Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.



Corporate Technology is responsible for the operation, development and support of all applications across all areas of the business. Corporate Technology ensures IT strategy, architecture and solutions are aligned to business requirements. This role reports to the CISO and is part of the Risk, Security and Control (RSC) team. RSC are collectively responsible for ensuring IT Security and Risk is managed through Identity and Access Management and Cyber Security. Additionally, RSC ensures all risks are recorded and where possible mitigated and IT controls, procedures and policies are implemented successfully.



**NUMBER OF DIRECT REPORTS**



3 direct u2013 Full Team size of 30



**MAIN PURPOSE OF THE ROLE**



An exciting opportunity is available to join this group for a senior experienced leader with a technical background in identity, PAM and Access Management. They will lead the team and provide the technical capability to support the creation of a strategic direction for IAM. This will include the tool set choices, supporting and maintaining the overall service health, managing vendors and ensuring the direction taken aligns with the overall strategic objectives of the organisation.



The team handles day to day management of all Authentication, Privileged Access Management and Access Management needs of the business achieved by the following tools: Active Directory on premise, Entra ID for Cloud, CyberArk and RSA IG&L. There will need to be close co-ordination with the RSC and Infrastructure Teams. All technical documentation and platform standards must be kept up to date and technical direction and strategy must be developed and enhanced as required.



The successful candidate will be a very experienced leader and must familiarise themselves with the processes and procedures of the Bank quickly to be able to support and oversee the day to day platform and operational management. They must also provide the team with coaching and mentoring on best practice in the disciplines they are responsible for. Candidates will be expected to articulate complex technical matters in plain English to earn the support of senior management stakeholders and those technically less experienced. The role requires an excellent team player; a self-starter with a motivation and desire to seek out & deliver improvements and a drive to build the team and promote future platform opportunities for approval and funding. Experience of managing personnel both onshore and offshore is essential.



Candidates applying for this role must be able to demonstrate senior leadership and management skills, with around 10 years of experience, have an in-depth knowledge of Identity Management, Privileged Account Management technologies through either a Systems Engineer qualification or proven experience working in these specialities. Candidates should also be able to demonstrate practical experience and insight gained through similar roles including in-depth troubleshooting and team leadership skills.



**KEY RESPONSIBILITIES**



1. Provide strong and experienced leadership.



2. Govern and advise on technical direction for Authentication, PAM and Access Management, especially through technical workshops and 1:1 coaching sessions, to ensure alignment to business strategy.



3. Creation and maintenance of technical guides to convey facts simply and effectively to both peers and those less experienced.



4. Daily management and maintenance of the Authentication, PAM and Access Management platforms, ensuring service availability; health and performance monitoring & alerting and the maintenance of operational & technical documentation.



5. Balance technical fact / opinion against business risk / delivered service to provide well thought through guidance to support technical staff with incident; problem investigation and project decisions.



6. Proactively initiate investigations for improvements for standard operating processes and procedures, utilising the current owned / licensed tools available, to evidence and escalate issues to the management team. Candidate should be comfortable in communicating with all levels of the management hierarchy.



7. Produce and interpret service performance and security data to provide analysis for investigations; baseline performance and trend reports for management to highlight areas of focus / improvement and on-going change.



8. Play a leading role in documenting, presenting and using direct communication to map software lifecycle, create work breakdown structures (WBS) and the appropriate supporting documentation to ensure that the software remains current and supportable without disruption to the organisation.



9. Lead technical delivery, supporting the programme and project managers delivering specialist tasks to time and cost.



10. Work with the problem management function under the ITIL framework to investigate potential issues through to a timely resolution.



**WORK EXPERIENCE**



Apart from strong managerial experience, candidates must be able to demonstrate an advanced level of knowledge and experience in the following technical areas:


Microsoft Active Directory u2013 Advanced trouble-shooting and configuration
Microsoft Active Directory u2013 Experience of global 10,000+ user multi-Forest Environment
Entra ID u2013 Advanced troubleshooting and configuration
Entra ID u2013 management via Powershell modules and Graph API
CyberArk Privileged Access Management
DNS configuration and advanced troubleshooting
Group Policy Objects
Quest Change Auditor
Quest Forest Recovery Manager
Active Directory Certificate Services
Active Directory Federated Services
Azure AD Connect configuration
Azure AD Connect Connectors, sync rules and metaverse queries
Entra ID Conditional Access Policies
SSO implementation via SAML and OAUTH
Powershell script creation
Powershell Automation and centralised management
Multi-Factor Authentication configuration via MS Authenticator
User Lifecycle Management
Role Based Access Control
Access Management Systems (general)
RSA IG&L troubleshooting and configuration



**SKILLS AND EXPERIENCE**



**Functional / Technical Competencies:**



Essential


An experienced leader
To a certified level in around half of the work experience subjects above.



Preferred:


To a certified level in more than half of the work experience subjects above.



**Education / Qualifications:**



Essential


Degree or equivalent experience



**PERSONAL REQUIREMENTS**


Personal alignment to MUFG Values
Integrity & Responsibility
Professionalism & Teamwork
Challenge ourselves to grow


Personal alignment to EMEA Cultural Principles
Client Centric
People Focused
Listen Up, Speak Up
Innovate & Simplify
Own & Execute


Excellent communication skills
Results driven, with a strong sense of accountability
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly
Strong decision making skills, the ability to demonstrate sound judgement
A structured and logical approach to work
Strong problem solving skills
A creative and innovative approach to work
Excellent interpersonal skills
The ability to manage large workloads and tight deadlines
Excellent attention to detail and accuracy
A calm approach, with the ability to perform well in a pressurised environment
Strong numerical skills
Excellent Microsoft Office skills
A confident approach, with the ability to provide clear direction to your team
Excellent managerial/leadership experience
The ability to lead a high performing team
A strategic approach, with the ability to lead and motivate your team
The ability to articulate and implement the vision/strategy for the RSC department



We are open to considering flexible working requests in line with organisational requirements.



MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.



We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.



At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!



**Our Culture Principles**


Client Centric
People Focused
Listen Up. Speak Up.
Innovate & Simplify
Own & Execute

**Do you want your voice heard and your actions to count?**



Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the worldu2019s leading financial groups. Across the globe, weu2019re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.



With a vision to be the worldu2019s most trusted financial group, itu2019s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.



Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.



Corporate Technology is responsible for the operation, development and support of all applications across all areas of the business. Corporate Technology ensures IT strategy, architecture and solutions are aligned to business requirements. This role reports to the CISO and is part of the Risk, Security and Control (RSC) team. RSC are collectively responsible for ensuring IT Security and Risk is managed through Identity and Access Management and Cyber Security. Additionally, RSC ensures all risks are recorded and where possible mitigated and IT controls, procedures and policies are implemented successfully.



**NUMBER OF DIRECT REPORTS**



3 direct u2013 Full Team size of 30



**MAIN PURPOSE OF THE ROLE**



An exciting opportunity is available to join this group for a senior experienced leader with a technical background in identity, PAM and Access Management. They will lead the team and provide the technical capability to support the creation of a strategic direction for IAM. This will include the tool set choices, supporting and maintaining the overall service health, managing vendors and ensuring the direction taken aligns with the overall strategic objectives of the organisation.



The team handles day to day management of all Authentication, Privileged Access Management and Access Management needs of the business achieved by the following tools: Active Directory on premise, Entra ID for Cloud, CyberArk and RSA IG&L. There will need to be close co-ordination with the RSC and Infrastructure Teams. All technical documentation and platform standards must be kept up to date and technical direction and strategy must be developed and enhanced as required.



The successful candidate will be a very experienced leader and must familiarise themselves with the processes and procedures of the Bank quickly to be able to support and oversee the day to day platform and operational management. They must also provide the team with coaching and mentoring on best practice in the disciplines they are responsible for. Candidates will be expected to articulate complex technical matters in plain English to earn the support of senior management stakeholders and those technically less experienced. The role requires an excellent team player; a self-starter with a motivation and desire to seek out & deliver improvements and a drive to build the team and promote future platform opportunities for approval and funding. Experience of managing personnel both onshore and offshore is essential.



Candidates applying for this role must be able to demonstrate senior leadership and management skills, with around 10 years of experience, have an in-depth knowledge of Identity Management, Privileged Account Management technologies through either a Systems Engineer qualification or proven experience working in these specialities. Candidates should also be able to demonstrate practical experience and insight gained through similar roles including in-depth troubleshooting and team leadership skills.



**KEY RESPONSIBILITIES**



1. Provide strong and experienced leadership.



2. Govern and advise on technical direction for Authentication, PAM and Access Management, especially through technical workshops and 1:1 coaching sessions, to ensure alignment to business strategy.



3. Creation and maintenance of technical guides to convey facts simply and effectively to both peers and those less experienced.



4. Daily management and maintenance of the Authentication, PAM and Access Management platforms, ensuring service availability; health and performance monitoring & alerting and the maintenance of operational & technical documentation.



5. Balance technical fact / opinion against business risk / delivered service to provide well thought through guidance to support technical staff with incident; problem investigation and project decisions.



6. Proactively initiate investigations for improvements for standard operating processes and procedures, utilising the current owned / licensed tools available, to evidence and escalate issues to the management team. Candidate should be comfortable in communicating with all levels of the management hierarchy.



7. Produce and interpret service performance and security data to provide analysis for investigations; baseline performance and trend reports for management to highlight areas of focus / improvement and on-going change.



8. Play a leading role in documenting, presenting and using direct communication to map software lifecycle, create work breakdown structures (WBS) and the appropriate supporting documentation to ensure that the software remains current and supportable without disruption to the organisation.



9. Lead technical delivery, supporting the programme and project managers delivering specialist tasks to time and cost.



10. Work with the problem management function under the ITIL framework to investigate potential issues through to a timely resolution.



**WORK EXPERIENCE**



Apart from strong managerial experience, candidates must be able to demonstrate an advanced level of knowledge and experience in the following technical areas:


Microsoft Active Directory u2013 Advanced trouble-shooting and configuration
Microsoft Active Directory u2013 Experience of global 10,000+ user multi-Forest Environment
Entra ID u2013 Advanced troubleshooting and configuration
Entra ID u2013 management via Powershell modules and Graph API
CyberArk Privileged Access Management
DNS configuration and advanced troubleshooting
Group Policy Objects
Quest Change Auditor
Quest Forest Recovery Manager
Active Directory Certificate Services
Active Directory Federated Services
Azure AD Connect configuration
Azure AD Connect Connectors, sync rules and metaverse queries
Entra ID Conditional Access Policies
SSO implementation via SAML and OAUTH
Powershell script creation
Powershell Automation and centralised management
Multi-Factor Authentication configuration via MS Authenticator
User Lifecycle Management
Role Based Access Control
Access Management Systems (general)
RSA IG&L troubleshooting and configuration



**SKILLS AND EXPERIENCE**



**Functional / Technical Competencies:**



Essential


An experienced leader
To a certified level in around half of the work experience subjects above.



Preferred:


To a certified level in more than half of the work experience subjects above.



**Education / Qualifications:**



Essential


Degree or equivalent experience



**PERSONAL REQUIREMENTS**


Personal alignment to MUFG Values
Integrity & Responsibility
Professionalism & Teamwork
Challenge ourselves to grow


Personal alignment to EMEA Cultural Principles
Client Centric
People Focused
Listen Up, Speak Up
Innovate & Simplify
Own & Execute


Excellent communication skills
Results driven, with a strong sense of accountability
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly
Strong decision making skills, the ability to demonstrate sound judgement
A structured and logical approach to work
Strong problem solving skills
A creative and innovative approach to work
Excellent interpersonal skills
The ability to manage large workloads and tight deadlines
Excellent attention to detail and accuracy
A calm approach, with the ability to perform well in a pressurised environment
Strong numerical skills
Excellent Microsoft Office skills
A confident approach, with the ability to provide clear direction to your team
Excellent managerial/leadership experience
The ability to lead a high performing team
A strategic approach, with the ability to lead and motivate your team
The ability to articulate and implement the vision/strategy for the RSC department



We are open to considering flexible working requests in line with organisational requirements.



MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.



We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.



At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!



**Our Culture Principles**


Client Centric
People Focused
Listen Up. Speak Up.
Innovate & Simplify
Own & Execute

**Summary:**
Meta's security team is the central engine driving data and systems security at the company, supporting Meta and all of its family of apps. The org is responsible for inhibiting malicious actors from compromising our environment, detecting and responding to them before they do damage if they do, ensuring we are maintaining the protections we say we will, and engaging with the community to help those outside the company learn from the work we do. We work across all parts of the company, from the corporate infrastructure to production to external services, interfacing with nearly every team in the company.The Security Engineer Intern will be responsible for identifying and enforcing solutions to control access to internal systems. An ideal candidate is someone that has technical knowledge of the broad aspects of information security, and is able to identify deficiencies in the access management space. This role suits someone with an interest or understanding of the IAM concepts that can be applied to our internal IAM solutions. The position requires a basic understanding of security principles, complemented by technical, coding and communication skills coupled with a strong desire to learn.
**Required Skills:**
Security Engineer Intern, Identity & Access Management Responsibilities:
1. Design and implement systems that enhance the security of Meta's Identity & Access Management Systems
2. Develop scripts using a range of programming languages, including but not limited to Python/C++ and PHP/Hack
3. Write performance-optimized queries for large data sets
4. Conduct design and code reviews
5. Identify and drive changes as needed for assigned codebase, product area and/or systems
6. Collaborate and coordinate project efforts with cross-functional teams to ensure seamless execution
7. Articulate security findings to internal to a variety of stakeholders, including both technical and non-technical stakeholders
8. Research and provide recommendations on technical, physical, and administrative controls based on the security findings
9. Participate in the development and oversight of corrective actions relating to security issues
10. Participate in cross-functional, team, and status review meetings
**Minimum Qualifications:**
Minimum Qualifications:
11. Currently enrolled in a full-time, degree-seeking program and in the process of obtaining a Bachelors or Masters degree in computer science or a related field
12. Experience coding in an industry-standard language (e.g. Python, C++, PHP, Java)
13. Interest in assessing security deficiencies in first-party/internal information systems and recommending mitigating controls
14. Interest in evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly in context of access management in different geographical locations
15. Interest in developing security reporting and recommendations that are meaningful, defensible and actionable
16. Ability to manage competing priorities and simultaneous projects in a fast paced environment
17. Strong communication skills: both written and verbal, interpersonal skills, and ability to work cross-functionally with various teams
18. Must obtain work authorization in the country of employment at the time of hire and maintain ongoing work authorization during employment
**Preferred Qualifications:**
Preferred Qualifications:
19. Contributions to the security community (public research, blogging, presentations, etc)
20. Participation in capture the flag competitions, cybersecurity hackathons, bug bounty programs, or similar
21. Program and project management skills
22. Knowledge or understanding of compliance, SOX, SOC2, NIST, PCI, ISO, and other security regulations
23. Strong analytical and problem-solving skills, including a basic understanding of data analysis techniques
24. Intent to return to full-time degree program after completion of the internship
**Industry:** Internet