IAM Administrator

IT@JH Enterprise Directory and Messaging is seeking an IAM Administrator who will be responsible for supporting Microsoft Azure Multi-Factor Authentication (MFA) & MFA for Administrators (Virtual SmartCards & Yubikeys) for Johns Hopkins.

• Responsible for working with IT Administrators and customers across the institution.
• Provides Multi-Factor Authentication (MFA) support for over 150k users. This involves assisting with first-time enrollments, helping to set up multiple methods, and troubleshooting MFA-related issues.
• Works with a great deal of independence and limited supervision.
• Digital Identity Management: Oversee digital identities for humans, workloads, and service accounts.

• IAM Solutions Implementation: Deploy and maintain IAM solutions for on-premises and cloud environments.

• User Account Administration: Manage user accounts, permissions, and access controls to ensure authorized access.

• Security Enhancements: Utilize digital certificates and manage Public Key Infrastructure (PKI).

• Zero Trust Principles: Apply Zero Trust principles to identity and access solutions.

• Collaboration: Work with technology teams, data owners, and application owners to implement IAM solutions.

• Security Posture Evaluation: Assess and improve the institution’s IAM security posture.

• Audits and Assessments: Conduct regular audits and assessments to identify and mitigate risks.

• Advanced Support: Provide advanced-level support for IAM-related issues.

• Technology Updates: Stay updated with the latest IAM technologies and trends.

• IAM Tools Management: Implement, configure, administer, and maintain IAM tools according to best practices.

• Authentication and Authorization: Ensure users are authenticated and authorized based on job responsibilities.

• Policy Development: Define and enforce access control policies.

• Access Monitoring: Monitor access logs and conduct periodic reviews.

• Single Sign-On (SSO): Implement and manage SSO solutions, troubleshoot issues, and ensure secure access.

• Collaboration with Security Teams: Ensure appropriate access monitoring with security operations and engineering teams.

• Project Management: Plan, manage, and monitor IAM projects and tasks.

• Incident Response: Participate in incident response and vulnerability remediation.

• Business Continuity: Execute IAM services business continuity and disaster recovery drills.

• Technical Documentation: Develop and maintain IAM services technical support documentation.

• Multi-Factor Authentication (MFA): Implement and sustain MFA solutions, educate users, and stay updated on technologies.

• Compliance and Security: Enforce security policies, conduct audits, and collaborate with compliance officers.

• Security Incident Management: Respond to and mitigate security incidents related to identity and access.

• Support and Integration: Provide timely support for access-related issues and integrate IAM systems with existing infrastructure.

Specific Devices, Software, Projects

• MFA tools included but not limited to: Microsoft Azure MFA, Microsoft Windows Hello, Passkeys, etc...

Scale/Size of Area, Project or Systems Supported

• MFA is needed to help secure Hopkins credentials for critical systems and may be used by over 150k faculty, staff, and students. Securing Hopkins credentials which are used 24 x 7 from around the world, is highly complex.

On Call Requirements

• Yes

Special Knowledge, Skills, and Abilities

• Microsoft Office 365 (Teams, OneDrive, Outlook, etc)
• Microsoft Azure & Azure MFA
• Basic Mobile Device knowledge (Android & IOS)

• Bachelor’s degree.
• Three years of experience in identity and access management or related field.
• Additional education may substitute for required experience and additional related experience may substitute for required HS Diploma/Graduation Equivalent, to the extent permitted by the JHU equivalency formula.

• Must have solid understanding of Windows OS, Mobile Devices, and the fundamentals of securing user accounts

Classified Title: IAM Administrator 
Role/Level/Range: ATP/04/PD  
Starting Salary Range: $62,900 - $110,100 Annually (Commensurate w/exp.) 
Employee group: Full Time 
Schedule: Mon-Fri 8:30am-5:00pm 
FLSA Status: Exempt 
Location: Remote 
Department name: IT@JH Enterprise Directory and Messaging  
Personnel area: University Administration