Information and Communication Technology (ICT) Officer (Identity and Access Management) (UG)

  • Added Date: Wednesday, 07 May 2025

Job Identification (Reference Number): 14779
Position Title: Information and Communication Technology (ICT) Officer (Identity and Access Management) (UG)
Duty Station City: Valencia
Duty Station Country: Spain
Grade: UG
Contract Type: Special Short Term Graded (Up to 9 months)
Recruiting Type: Call for Applications
Vacancy Type: Special Vacancy Notice
Initial duration: 9 Months with Possibility of Renewal
Closing date: 20 May 2025

Introduction:

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to ensuring a workplace where all employees can thrive professionally, while working towards harnessing the full potential of migration. Read more about IOM's workplace culture at IOM workplace culture | International Organization for Migration

Applications are welcome from first- and second-tier candidates, particularly qualified female candidates as well as applications from the non-represented member countries of IOM. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process. For the purpose of this vacancy, the following are considered first-tier candidates:

  • Internal candidates
  • Candidates from the following non-represented member states:

Antigua and Barbuda, Bahamas, Barbados, Comoros, Congo (the), Cook Islands, Dominica, Federated States of Micronesia, Grenada, Guinea-Bissau, Holy See, Iceland, Israel, Kiribati, Lao People's Democratic Republic, Madagascar, Marshall Islands, Namibia, Nauru, Palau, Saint Kitts and Nevis, Saint Lucia, Samoa, Sao Tome and Principe, Solomon Islands, Suriname, Tonga, Tuvalu, Vanuatu

Second-tier candidates include:

All external candidates, except candidates from non-represented member states of IOM.

Context

The ICT Officer Identity and Access Management will lead, own and evolve the identity and access management (IDAM) ecosystem. The role will be the gatekeeper for the digital identity landscape, ensuring the right people (and devices) get the right access, at the right time, for the right reasons.

The role will be responsible for the design, implementation, and support of the identity orchestration using One Identity - Identity Manager (IDM), integrated with Microsoft Active Directory, Azure Active Directory (Microsoft Entra ID), and HR-driven lifecycle events via the Oracle ERP (WAVE).

The ICT Officer (Identity and Access Management) must understand the art and science of automating access, enforcing least privilege, and reducing identity-related risks.
Under the leadership of the Director of Information and Communications Technology (ICT) / Chief Information Officer and reporting directly to the Chief Technology Officer, the ICT Officer Identity and Access Management (IDAM) is responsible for the identity and access management function within ICT.

IDENTITY AND ACCESS MANAGEMENT

  • Design, configure, and maintain One Identity - Identity Manager (IDM) for user lifecycle management, provisioning, and role-based access control.
  • Integrate identity data from the WAVE ERP system to drive Joiner/Mover/Leaver (JML) processes.
  • Manage synchronization and identity federation between Microsoft Active Directory and Azure Active Directory (Entra ID).
  • Define and implement access governance, including role modelling, segregation of duties (SoD), and access review campaigns.
  • Develop automated workflows for account provisioning, deprovisioning, and entitlement management across all ICT platforms.
  • Collaborate with HR, Information Security, and Compliance teams to enforce identity related policies.
  • Enforce Just-In-Time (JIT) access for sensitive operations.
  • Monitor and respond to identity-related incidents and service requests.
  • Create and maintain IAM documentation including architecture diagrams, SOPs, and audit records.
  • Supervise the IAM team and conduct effective performance management and promote a cooperative work environment.

MICROSOFT ACTIVE DIRECTORY AND ENTRA ID

  • Ensure correct operation of hybrid identity sync from AD to Entra ID via Azure AD Connect and monitor sync health and conflict resolution.
  • Define entitlement management with access packages for joiners/movers/leavers.
  • Enforce naming conventions and OU placement standards.
  • Manage service accounts with lifecycle governance (preferably with expiration controls).
  • Manage access using Azure AD roles, administrative units, and custom roles.
  • Assign privileged roles via Privileged Identity Management (PIM) with time-bound or approval-based access.
  • Define Conditional Access Policies based on risk, device, location, and user sensitivity.
  • Enforce MFA using built-in Entra policies.
  • Enable the publishing and management of SaaS apps using SAML, OAuth, or OIDC for Single Sign-On (SSO).
  • Configure provisioning connectors to automate account creation in cloud apps.
  • Build processes to enforce user consent restrictions to limit data exposure to risky apps.
  • Create and maintain procedures for maintenance of security groups and distribution lists.
  • Implement and enforce role-based access control (RBAC) through group nesting and inheritance.
  • Periodically review and clean up stale groups and memberships and establish access review campaigns for groups, apps, and privileged roles across regional offices.

ADDITIONAL RESPONSIBILITIES

  • Provide input for the license entitlements and ensure correct integration with FinOps and licensing portals.
  • Perform such other relevant duties as may be assigned.

Education

  • Master's degree in Cybersecurity, Computer Engineering, Computer Science, or a related field from an accredited academic institution with five years of relevant professional experience; or,
  • University degree in the above fields with seven years of relevant professional experience.
  • The following certifications are required.
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300).
  • Microsoft Certified: Azure Administrator Associate (AZ-104).
  • Must attain and maintain ITIL version 4 Foundation certification and CISSP.
  • One Identity - Identity Manager Foundations (#IM-FND) certification is an advantage.
  • Certified Information Systems Security Professional (CISSP) is an added advantage.

Accredited Universities are those listed in the UNESCO World Higher Education Database.

Experience

  • A minimum of 5 years of experience in Identity & Access Management, IT Security, or related infrastructure engineering roles.
  • Hands-on experience with One Identity - Identity Manager (strongly preferred).
  • Solid proficiency in Microsoft Active Directory, Group Policy, and Azure Active Directory (Microsoft Entra ID).
  • Experience in integrating IAM solutions with ERP systems for automated provisioning (e.g. SAP, Oracle).
  • Understanding of authentication and authorization protocols (SAML, OAuth, OpenID Connect).
  • Experience implementing RBAC, ABAC, and SoD controls.
  • Strong scripting ability (PowerShell, SQL, or similar) for automating IAM workflows.

Skills

  • Demonstrated ability to supervise and train teams to work effectively and harmoniously.
  • Project management skills for efficient roll-out of ICT initiatives.
  • Demonstrated understanding of automation of user lifecycle processes across HR, AD, and Entra ID.
  • Demonstrated ability to communicate with business leaders and those with limited technical background effectively.
  • Demonstrated ability to handle confidential data in a professional, responsible and mature manner.
  • Familiarity with global IT security trends and the ability to adapt NIST standards to evolving security threats and technologies.
  • Working knowledge of supporting One Identity Manager, Active Directory and Entra ID.

Languages

IOM's official languages are English, French and Spanish.

For this position, fluency in English is required (oral and written). Working knowledge of an official UN Language (Arabic, Chinese, French, Russian, and Spanish) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

Required Competencies

IOM's competency framework can be found at this link. Competencies will be assessed during the selection process.

Values - all IOM staff members must abide by and demonstrate these five values:

  • Inclusion and respect for diversity: Respects and promotes individual and cultural differences. Encourages diversity and inclusion.
  • Integrity and transparency: Maintains high ethical standards and acts in a manner consistent with organizational principles/rules and standards of conduct.
  • Professionalism: Demonstrates ability to work in a composed, competent and committed manner and exercises careful judgment in meeting day-to-day challenges.
  • Courage: Demonstrates willingness to take a stand on issues of importance.
  • Empathy: Shows compassion for others, makes people feel safe, respected and fairly treated.

Core Competencies – behavioural indicators

  • Teamwork: Develops and promotes effective collaboration within and across units to achieve shared goals and optimize results.
  • Delivering results: Produces and delivers quality results in a service-oriented and timely manner. Is action oriented and committed to achieving agreed outcomes.
  • Managing and sharing knowledge: Continuously seeks to learn, share knowledge and innovate.
  • Accountability: Takes ownership for achieving the Organization's priorities and assumes responsibility for own actions and delegated work.
  • Communication: Encourages and contributes to clear and open communication. Explains complex matters in an informative, inspiring and motivational way.

Managerial Competencies – behavioural indicators

  • Leadership: Provides a clear sense of direction, leads by example and demonstrates the ability to carry out the Organization's vision. Assists others to realize and develop their leadership and professional potential.
  • Empowering others: Creates an enabling environment where staff can contribute their best and develop their potential.
  • Building Trust: Promotes shared values and creates an atmosphere of trust and honesty.
  • Strategic thinking and vision: Works strategically to realize the Organization's goals and communicates a clear strategic direction.
  • Humility: Leads with humility and shows openness to acknowledging own shortcomings.

Notes

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this call is subject to funding confirmation.

This selection process may be used to staff similar positions in various duty stations. Recommended candidates will remain eligible to be appointed in a similar position for a period of 24 months.

The list of NMS countries above includes all IOM Member States which are non-represented in the Professional Category of staff members. For this staff category, candidates who are nationals of the duty station's country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, and security clearances.
IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.
IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.

For further information and other job postings, you are welcome to visit our website: IOM Careers and Job Vacancies
