Responsibilities
- Administer identity providers including Okta, Entra, and Google
- Implement and manage single sign-on, SCIM provisioning, and conditional access policies
- Enforce multi-factor authentication and passkey-based verification
- Deploy phishing-resistant authentication methods for high-privilege accounts
- Oversee internal tools and services to ensure productivity and operational efficiency
- Automate user lifecycle processes including onboarding, role changes, and offboarding within defined SLAs
- Conduct quarterly access reviews to validate permissions
- Prepare documented evidence of user access reviews for audit purposes
- Manage mobile device management across Mac, Windows, and Linux platforms
- Handle device enrollment and enforce compliance baselines for company fleet
- Operate endpoint detection and response systems including deployment, alert triage, and quarantine procedures
- Ensure full disk encryption with secure key escrow that is enforceable and verifiable
- Implement privilege management with no permanent local admin rights and just-in-time elevation
- Administer zero trust network access with per-application access controls and device posture checks
- Manage VPN infrastructure with always-on connectivity and no split tunneling for production environments
- Apply DNS filtering at the endpoint level independent of network location
- Secure cloud and SaaS environments through tenant configuration and access governance
- Enforce data loss prevention policies across endpoints and SaaS apps covering USB, clipboard, email, and off-network activity
- Operate secure access service edge and secure web gateway solutions for web filtering and detection of unauthorized IT
- Support compliance with ISO 27001 and SOC 2 by maintaining logs, inventories, and audit-ready reports
- Manage asset lifecycle from procurement through certified disposal with full audit trail
- Maintain an inventory of SaaS applications and vendors with ownership and security assessment records
- Oversee vendor lifecycle including selection, contract review, security evaluations, and ongoing accountability
- Configure SIEM log forwarding for endpoint and identity provider events to enable querying
- Enforce IT service management practices with documented ticket trails suitable for audit validation
Team
You will work closely with the Security/CISO, People, and Finance teams and serve as the primary point of contact for auditors.
Team
You will partner closely with Security/CISO, People, and Finance, and you'll be the person auditors talk to.