​​Information and Communications Technology (ICT) Officer (Identity and Access Management) ​(P)

Job Identification (Reference Number): 18738
Position Title: Information and Communications Technology (ICT) Officer (Identity and Access Management)
Duty Station City: Valencia
Duty Station Country: Spain
Grade: UG
Contract Type: Special Short Term Ungraded (Up to 9 months)
Recruiting Type: Call for Applications
Vacancy Type: Special Vacancy Notice
Initial duration 9 Months with Possibility of Renewal
Closing date: 15 February 2026
 

Introduction:    

Established in 1951, IOM is a Related Organization of the United Nations, and as the leading UN agency in the field of migration, works closely with governmental, intergovernmental and non-governmental partners. IOM is dedicated to promoting humane and orderly migration for the benefit of all. It does so by providing services and advice to governments and migrants.

IOM is committed to ensuring a workplace where all employees can thrive professionally, while working towards harnessing the full potential of migration. Read more about IOM's workplace culture at IOM workplace culture | International Organization for Migration

Applications are welcome from first- and second-tier candidates, particularly qualified female candidates as well as applications from the non-represented member countries of IOM. For all IOM vacancies, applications from qualified and eligible first-tier candidates are considered before those of qualified and eligible second-tier candidates in the selection process. For the purpose of this vacancy, the following are considered first-tier candidates: 

1. Internal candidates
2. Candidates from the following non-represented member states:

Antigua and Barbuda, Bahamas, Barbados, Comoros, Congo (the), Cook Islands, Dominica, Federated States of Micronesia, Grenada, Guinea-Bissau, Holy See, Iceland, Israel, Kiribati, Lao People's Democratic Republic, Madagascar, Marshall Islands, Namibia, Nauru, Palau, Saint Kitts and Nevis, Saint Lucia, Samoa, Sao Tome and Principe, Solomon Islands, Suriname, Tonga, Tuvalu, Vanuatu

Second tier candidates include:

All external candidates, except candidates from nonrepresented member states of IOM.

The ICT Officer Identity and Access Management will lead own and evolve the identity and access management (IDAM) ecosystem. The role will be the gatekeeper for the digital identity landscape, ensuring the right people (and devices) get the right access, at the right time, for the right reasons.

The role will be responsible for the design, implementation, and support of the identity orchestration using One Identity - Identity Manager (IDM), integrated with Microsoft Active Directory, Azure Active Directory (Microsoft Entra ID), and HR-driven lifecycle events via the Oracle ERP (WAVE).

The ICT Officer (Identity and Access Management) must understand the art and science of automating access, enforcing least privilege, and reducing identity related risks.
Under the leadership of the Director of Information and Communications Technology (ICT) / Chief Information Officer and reporting directly to the Chief Technology Officer, the ICT Officer Identity and Access Management (IDAM) is responsible for the identity and access management function within ICT.

• Design, configure, and maintain One Identity - Identity Manager (IDM) for user lifecycle management, provisioning, and role-based access control.
• Integrate identity data from the WAVE ERP system to drive Joiner/Mover/Leaver (JML) processes.
• Manage synchronization and identity federation between Microsoft Active Directory and Azure Active Directory (Entra ID).
• Define and implement access governance, including role modelling, segregation of duties (SoD), and access review campaigns.
• Develop automated workflows for account provisioning, deprovisioning, and entitlement management across all ICT platforms.
• Collaborate with HR, Information Security, and Compliance teams to enforce identity related policies.
• Enforce Just-In-Time (JIT) access for sensitive operations.
• Monitor and respond to identity-related incidents and service requests.
• Create and maintain IAM documentation including architecture diagrams, SOPs, and audit records.
• Supervise the IAM team and conduct effective performance management and promote a cooperative work environment.

• Ensure correct operation of hybrid identity sync from AD to Entra ID via Azure AD Connect and monitor sync health and conflict resolution.
• Define entitlement management with access packages for joiners/movers/leavers.
• Enforce naming conventions and OU placement standards.
• Manage service accounts with lifecycle governance (preferably with expiration controls).
• Manage access using Azure AD roles, administrative units, and custom roles.
• Assign privileged roles via Privileged Identity Management (PIM) with time-bound or approval-based access.
• Define Conditional Access Policies based on risk, device, location, and user sensitivity.
• Enforce MFA using built-in Entra policies.
• Enable the publishing and management of SaaS apps using SAML, OAuth, or OIDC for Single Sign-On (SSO).
• Configure provisioning connectors to automate account creation in cloud apps.
• Build processes to enforce user consent restrictions to limit data exposure to risky apps.
• Create and maintain procedures for maintenance of security groups and distribution lists.
• Implement and enforce role-based access control (RBAC) through group nesting and inheritance.
• Periodically review and clean up stale groups and memberships and establish access review campaigns for groups, apps, and privileged roles across regional offices.

• →Provide input for the license entitlements and ensure correct integration with FinOps and licensing portals.
• →Perform such other relevant duties as may be assigned.

• Master’s degree in Cybersecurity, Computer Engineering, Computer Science, or a related field from an accredited academic institution with five years of relevant professional experience; or,
• University degree in the above fields with seven years of relevant professional experience.
• The following certifications are required.
• Microsoft Certified: Identity and Access Administrator Associate (SC-300).
• Microsoft Certified: Azure Administrator Associate (AZ-104).
• Must attain and maintain ITIL version 4 Foundation certification and CISSP.
• One Identity - Identity Manager Foundations (#IM-FND) certification is an advantage.
• Certified Information Systems Security Professional (CISSP) is an added advantage.

Accredited Universities are those listed in the UNESCO World Higher Education Database. 

• A minimum of 5 years of experience in Identity & Access Management, IT Security, or related infrastructure engineering roles.
• Hands-on experience with One Identity - Identity Manager (strongly preferred).
• Solid proficiency in Microsoft Active Directory, Group Policy, and Azure Active Directory (Microsoft Entra ID).
• Experience in integrating IAM solutions with ERP systems for automated provisioning (e.g. SAP, Oracle).
• Understanding of authentication and authorization protocols (SAML, OAuth, OpenID Connect).
• Experience implementing RBAC, ABAC, and SoD controls.
• Strong scripting ability (PowerShell, SQL, or similar) for automating IAM workflows.

• Demonstrated ability to supervise and train teams to work effectively and harmoniously. 
• Project management skills for efficient roll-out of ICT initiatives.
• Demonstrated understanding of automation of user lifecycle processes across HR, AD, and Entra ID.
• Demonstrated ability to communicate with business leaders and those with limited technical background effectively.
• Demonstrated ability to handle confidential data in a professional, responsible and mature manner.
• Familiarity with global IT security trends and the ability to adapt NIST standards to evolving security threats and technologies.
• Working knowledge of supporting One Identity Manager, Active Directory and Entra ID.

IOM's official languages are English, French and Spanish. 

For this position, fluency in English is required (oral and written). Working knowledge of an official UN Language (Arabic, Chinese, French, Russian, and Spanish) is an advantage.

Proficiency of language(s) required will be specifically evaluated during the selection process, which may include written and/or oral assessments.

IOM's competency framework can be found at this link. Competencies will be assessed during the selection process.

Internationally recruited professional staff are required to be mobile.

Any offer made to the candidate in relation to this vacancy notice is subject to funding confirmation.

For this staff category, candidates who are nationals of the duty station's country cannot be considered eligible.

Appointment will be subject to certification that the candidate is medically fit for appointment, accreditation, any residency or visa requirements, security clearances.

Vacancies close at 23:59 local time Geneva, Switzerland on the respective closing date. No late applications will be accepted.

IOM has a zero-tolerance policy on conduct that is incompatible with the aims and objectives of the United Nations and IOM, including sexual exploitation and abuse, sexual harassment, abuse of authority and discrimination based on gender, nationality, age, race, sexual orientation, religious or ethnic background or disabilities.

IOM does not charge a fee at any stage of its recruitment process (application, interview, processing, training or other fee). IOM does not request any information related to bank accounts.

IOM only accepts duly completed applications submitted through the IOM e-Recruitment system (for internal candidates link here). The online tool also allows candidates to track the status of their application.

Only shortlisted candidates will be contacted.

For further information and other job postings, you are welcome to visit our website: IOM Careers and Job Vacancies