To serve as the architect and operator of Ajaib’s Identity Anchor. You will be responsible for ensuring every access point is anchored to a single corporate identity, moving away from manual ticketing toward a self-service, automated "ticketing-to-tool" identity orchestration.
Responsibilities
- Identity Anchoring: Own the Identity Provider (IDP/SSO) lifecycle using JumpCloud, ensuring 100% of corporate assets (GitHub, AWS, etc.) are accessible only via the Corporate IDP, coordinating with related units, including People team
- The "Kill Switch" provisioning: Implement and maintain programmatic offboarding to achieve a Mean Time to Revoke (MTTR) of <5 minutes across all systems, alerted from Slack channel maintained by People team.
- Access Orchestration: Transition from manual tickets to automated approval workflows and self-service access.
- Onboarding: Ensure naming convention uniformity, Lead the migration of all contributors to corporate-managed accounts, implementing automated blocking for non-corporate commits.
- Permission Management: Define technical roles and permissions (RBAC/ABAC) and maintain the User Access Matrix for all personnel and third-party vendors.
- Platform Integration: Move toward Identity Orchestration by implementing short-lived, automated credentials and MFA.
- Least Privilege: Maintain segregation of duties and Least Privilege principles all the time on all systems.
- Maintain and update and ensure the access matrix is current and agreed by relevant parties.
- Maintain the system / tools list across organizations on a regular basis.
- Maintain the payment method / period: Ensure no downtime on the app / system caused by failed payment.
- Keep record and maintain the policies of access of each system and ensure they are approved by relevant stakeholders regularly.
- During identified employee rotation, ensure access provisioning follows the new business unit / department accordingly immediately with appropriate approval from the stakeholders.
- Data Governance: Maintain and update the Data Classification across Ajaib group.
- Data Retention: Ensure data retention is applied and maintained across Ajaib group.
- Incident Management: Log and maintain documentation of reported and known incidents
- Post Incident Review: Log and maintain documentation of reported and known incidents
- Must Have: 2+ years of experience in IAM/IDM; expertise in JumpCloud and Google Workspace administration.
- Identity Protocols: Deep understanding of SSO, SAML, OIDC, and SCIM provisioning.
- Fintech Focus: Experience regulating central access for high-turnover environments and third-party vendors.
- Technical Literacy: Ability to manage repository permissions and automate IAM.