IOM
Information and Communications Technology (ICT) Officer (Identity and Access Management)
Organizational Context
The International Organization for Migration (IOM), established in 1951, is a UN-related agency dedicated to promoting humane and orderly migration. As the leading UN agency in migration, it collaborates with governmental, intergovernmental, and non-governmental partners. The ICT Officer (Identity and Access Management) role sits within the ICT department, reporting to the Chief Technology Officer, and is responsible for evolving the organization's identity and access management ecosystem.
Job Purpose
The ICT Officer (Identity and Access Management) is responsible for leading and evolving IOM's identity and access management (IDAM) ecosystem. This role acts as the gatekeeper for the digital identity landscape, ensuring that the correct individuals and devices are granted appropriate access at the right times and for valid reasons. The position involves the design, implementation, and support of identity orchestration using One Identity - Identity Manager (IDM), integrated with Microsoft Active Directory, Azure Active Directory (Microsoft Entra ID), and HR systems like Oracle ERP (WAVE). The core purpose is to automate access, enforce the principle of least privilege, and significantly reduce identity-related risks within the organization's ICT infrastructure, contributing to a secure and efficient digital environment.
Responsibilities
Key responsibilities include designing, configuring, and maintaining One Identity - Identity Manager (IDM) for user lifecycle management, provisioning, and role-based access control. This involves integrating identity data from the WAVE ERP system for Joiner/Mover/Leaver (JML) processes and managing synchronization between Microsoft Active Directory and Azure Active Directory (Entra ID). The role requires defining and implementing access governance, including role modeling, segregation of duties (SoD), and access review campaigns, alongside developing automated workflows for account provisioning and entitlement management. Additional duties involve managing Microsoft Active Directory and Entra ID, ensuring correct hybrid identity synchronization, defining entitlement management with access packages, and enforcing naming conventions. The officer will also manage service accounts, Azure AD roles, and privileged access via Privileged Identity Management (PIM), define Conditional Access Policies, enforce Multi-Factor Authentication (MFA), and enable Single Sign-On (SSO) for SaaS applications. Collaboration with HR, Information Security, and Compliance teams, monitoring identity-related incidents, and creating IAM documentation are also crucial.
Work Experience
Requires a minimum of 5 years of experience in Identity & Access Management, IT Security, or related infrastructure engineering. Hands-on experience with One Identity - Identity Manager is strongly preferred. Solid proficiency in Microsoft Active Directory, Group Policy, and Azure Active Directory (Microsoft Entra ID) is essential. Experience integrating IAM solutions with ERP systems for automated provisioning, understanding authentication/authorization protocols (SAML, OAuth, OpenID Connect), implementing RBAC/ABAC/SoD controls, and strong scripting abilities (PowerShell, SQL) are also necessary.
Skills
Supervision and team training, project management, automation of user lifecycle processes (HR, AD, Entra ID), effective communication with technical and non-technical stakeholders, handling confidential data responsibly, familiarity with global IT security trends and NIST standards, and working knowledge of One Identity Manager, Active Directory, and Entra ID.
Required Languages
Arabic, English, French, Russian, Spanish
Desired Languages
Not informed
Summary based on official posting. Please verify all details on the official website.