Welcome to Aventiv! Please watch this brief video to find out if this is the place you want to be!
**Associate Referral Reward Eligible**
Job Purpose: The Principal, Identity and Access Management (IAM) is the senior technical authority for the organization’s identity ecosystem. This individual contributor role is responsible for defining the technical vision, engineering standards, and architectural direction of the IAM program. The Principal works closely with IAM team members, engineering peers, and leadership to ensure secure, compliant, and seamless access to enterprise resources — balancing rigorous security standards with operational efficiency. This role leads through technical expertise: mentoring through hands-on collaboration, driving automation and innovation, and ensuring the identity architecture aligns with the organization’s broader security posture and business objectives.
Essential Duties:
- Define and own the technical roadmap for the IAM program, setting engineering standards, design patterns, and best practices for the team to follow.
- Serve as the subject matter expert (SME) and escalation point for complex IAM issues spanning on-premises, cloud, and hybrid environments.
- Evaluate emerging identity technologies, protocols, and vendor capabilities; make recommendations to leadership on adoption and investment.
- Author and maintain reference architectures, technical design documents, and decision records for the IAM domain.
- Serve as the primary technical owner of the Okta organization, managing Universal Directory, Lifecycle Management, and adaptive MFA policies.
- Engineer and optimize complex Entra ID (Azure AD) configurations, including Conditional Access policies, Privileged Identity Management (PIM), and Enterprise App registrations within the M365 tenant.
- Architect and maintain the federation between Okta and Entra ID to ensure unified identity synchronization and seamless user experiences.
- Design and manage the pipeline for integrating new SaaS applications into Okta via SAML/OIDC, ensuring consistent security standards.
- Own the end-to-end identity lifecycle integration between UKG (HRIS) and Okta. Ensure accurate attribute mapping, logic handling for transfers/promotions, and immediate termination processing.
- Design and build automated provisioning/de-provisioning workflows (using Okta Workflows, PowerShell, or Python) to ensure zero-day readiness and reduce manual service desk tickets.
- Troubleshoot synchronization errors between UKG, Active Directory, and Okta to ensure downstream systems reflect accurate employee data.
- Execute and improve periodic access certification campaigns within Okta/Entra ID to validate user entitlements and satisfy audit requirements.
- Enforce and evolve RBAC (Role-Based Access Control) models, specifically auditing Global Admin and other high-privilege roles within the M365 tenant.
- Implement and continuously improve security controls related to the organization’s identity posture, aligned with Zero Trust principles.
- Manage multiple concurrent technical initiatives (e.g., app integrations, M&A migrations, platform upgrades) with competing deadlines.
- Contribute to audit evidence preparation and regulatory compliance efforts related to identity and access.
- Provide technical guidance and hands-on coaching to IAM team members through design reviews, pair troubleshooting, and knowledge-sharing sessions.
- Partner with Security, Infrastructure, Application, and Service Desk teams to ensure identity solutions are well-integrated and operationally supported.
- Translate complex IAM concepts for non-technical stakeholders (HR, Legal, Finance) and convert business requirements into technical solutions.
- Maintain up-to-date documentation for system architecture, data flows, and operational runbooks for the Service Desk.
Knowledge, Skills, and Abilities:
- Deep expertise in Okta Identity Cloud, specifically Universal Directory, Policy Frameworks, and Lifecycle Management.
- Advanced knowledge of Active Directory (multi-domain forests), Entra ID Connect (sync rules), and Entra ID (Azure AD) governance features.
- Strong ability to read and write JSON and interact with RESTful APIs, essential for building complex Okta Workflows and troubleshooting integrations.
- Expert understanding of authentication protocols (SAML 2.0, OIDC, OAuth 2.0, WS-Fed, Kerberos, LDAP) and the ability to troubleshoot handshakes using tools like Fiddler or browser developer tools.
- Proficiency in PowerShell for bulk administration and reporting (Microsoft Graph SDK); experience with Python is a plus.
- Detailed understanding of how HR data events (hire, rehire, leave of absence, termination) translate into technical identity attributes and access states.
- Familiarity with IAM-related security frameworks and standards, such as NIST SP 800-63 (Digital Identity Guidelines) and Zero Trust architecture principles.
- Experience working within ITIL frameworks, ensuring identity changes are documented, tested, and communicated effectively to minimize business disruption.
- Strong written and verbal communication skills with the ability to influence technical direction without direct authority.
Minimum Qualifications:
- High school diploma or GED.
- 5 years of progressive experience in Identity & Access Management, including at least 3 years managing an Okta tenant in an enterprise environment.
- Demonstrated experience designing and implementing HR-driven provisioning integrations (integrating an HRIS with an IdP).
- Experience managing vendor support relationships (opening/escalating tickets with Okta/Microsoft) and monitoring licensing usage.
- Proven track record of setting technical standards and providing architectural guidance to engineering teams.
Preferred Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or related field.
- Industry certifications such as: CISM, CCSP, CISSP, CISA.
- Okta Certified Administrator.
- Okta Certified Consultant.
- Microsoft Certified Identity and Access Administrator Associate (SC-300) or Cybersecurity Architect Expert (SC-100).
- Direct experience integrating UKG Pro or UKG Dimensions with Okta.
- Experience with Okta Advanced Server Access (ASA) or Entra ID Identity Governance features.
- Experience authoring technical roadmaps or reference architectures for IAM programs.
Physical Requirements:
- While performing the duties of this job, the employee is regularly required to: stand, sit, talk, hear, and use hands and fingers to operate a computer, telephone, and a variety of office equipment.
- Occasionally, this position may need to reach, stoop, or kneel.
Salary and Benefits:
At Aventiv, our salary and benefits are designed to fit you as a whole person. We offer a salary range based on experience and qualifications to ensure your unique contributions are met with our most competitive offer.
- $115,751.11 - $131,956.26 per year
- Health Insurance
- 401(k)
- Disability
- Life Insurance
- Paid Time Off
- Voluntary Benefits
Aventiv Privacy Policy:
www.aventiv.com/privacy
Equal Employment Policy:
Aventiv is proud to be an equal opportunity employer. All decisions regarding recruiting, hiring, promotion, assignment, training, termination and other terms and conditions of employment will be made without regard to race, color, national origin, biological sex, sexual orientation, gender identity, gender expression, gender presentation, religion, age, pregnancy, disability, work-related injury, veteran status, genetic information, marital status, or any other factor that the law protects from employment discrimination. We do not discriminate based on genetic information in accordance with the Genetic Information Nondiscrimination Act.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.