Kestra PWS
Rio 2100, 63 S Rockford Drive, Tempe, Arizona, United States of America
Job Description Posted Tuesday, January 6, 2026 at 8:00 AM
Kestra Holdings offers industry-leading wealth management platforms for independent wealth management professionals nationwide. Kestra is dedicated to empowering independent financial professionals—including traditional and hybrid RIAs—to grow their businesses and deliver exceptional client service. We combine advanced business management technology with personalized consulting to provide unmatched scale, efficiency, and support. Our advisor-focused culture is built on innovation and advocacy, enabling advisors to offer comprehensive securities and investment advisory solutions to their clients.
Lead with Purpose. Partner with Impact. We are seeking a Sr. IAM Engineer with deep experience assessing current state, designing target-state architectures, and implementing/maturing Role-Based (RBAC) and Attribute-Based (ABAC) access models at enterprise scale. This leader will serve as the SailPoint technical expert, engineering policy, integration, and governance processes that meet financial-services compliance expectations. The role partners with enterprise architects, risk/compliance, platform teams, and app owners to operationalize identity as a control across SaaS, on-prem, and cloud.
What you’ll Do:
Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs).
Drive role engineering (role discovery, consolidation, birthright access,SoDmatrices) and ABAC policy design (attribute inventory, policy enforcement integration).
Maintainthe IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers.
Partner with AppSec and platform teams to externalize authorization using federation and standardized protocols (SAML 2.0, OIDC, OAuth 2.0; SCIM for provisioning).
Configure sources/authorities, connectors, aggregation & correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, accessrequest, and certification campaigns in SailPoint; implementOkta connector patterns.
Build monitoring/health checks, metrics, and dashboards for access governance KPIs; automate evidence collection.
Define policies/standards for access control, attribute quality, identity proofing, certification cadence, and exception handling; ensure alignment with enterprise risk appetite.
Support audits and regulatory examinations with defensible evidence, including certification results,SoDanalyses, and access recertification trails.
Mentor engineers andanalysts;partner with business/application owners to onboard apps at scale under governance;establishrepeatable app-onboarding playbooks (federation + provisioning + role modeling).
SailPoint (IdentityIQEngineer/Architect or Identity Security Cloud) and/or Okta certifications; experienceintegrating SailPoint with Okta via connectors/APIs.
Cloud IAM concepts (Azure AD/Entra ID, AWS IAM), and experience mapping ABAC to cloud entitlements/metadata.
Financial-servicesexperience with audit/regulatory expectations (e.g., access certification cadence, evidence,SoDrigor).
What You Bring:
8+ years in IAM with 5+ years leading RBAC/ABAC design and enterprise deployment; demonstrable delivery of role mining/engineering and attribute-driven authorization.
Hands-on SailPointexpertise(IdentityIQor Identity Security Cloud/IdentityNow) across connectors, lifecycle automation, certifications,SoD, policy, and analytics; Okta SSO/MFA and federation patterns.
Strong command of federated identity protocols and provisioning standards (SAML 2.0, OIDC, OAuth 2.0, SCIM).
Working knowledge of directory services (AD/LDAP), identity data modeling, and integration architectures; familiarity with crypto & tokenization fundamentals for identity.
Experienceestablishingaccess governance processes (access reviews, recertifications,SoD, exception management) consistent with industry best practices.
Proficiencyin at least one scripting language (e.g.,Beanshell/Java for IIQ, Python/PowerShell for automation), and SQL for identity analytics.
Internal Application Policy: Internal applicants must be in good standing and have a minimum of 1 year of service with Kestra. Internal applicants must also have a minimum of 1 year service in current role unless approved by EVP.
Benefits to support you:
Competitive pay and benefits with a large employer (over 1600 employees nationwide)
401(k), health insurance, and a competitive benefits package
Work in a supportive, collaborative environment committed to professional excellence
Help clients navigate meaningful financial decisions with confidence
Opportunities for training, development, and long-term growth within the firm
Kestra Values Our Mission is Powering Financial Independence, enabling the growth and success of investing clients and the advisors who serve them. We do that by living our values: Serve, Make it Happen, and One team.
Lead with purpose. Apply now and help shape the future of Kestra.
Disclosure
You acknowledge that if hired, Kestra Financial, Inc. may, obtain and use background information concerning your credit, character, general reputation, personal characteristics, work habits, performance and experience for evaluation for your potential employment.
It is the policy of Kestra Financial to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender, identity or expression, age, disability, marital status, citizenship, national origin, genetic information, or any other characteristic protected by law. Kestra Financial prohibits any such discrimination or harassment.
#J-18808-Ljbffr
Job Description Posted Tuesday, January 6, 2026 at 8:00 AM
Kestra Holdings offers industry-leading wealth management platforms for independent wealth management professionals nationwide. Kestra is dedicated to empowering independent financial professionals—including traditional and hybrid RIAs—to grow their businesses and deliver exceptional client service. We combine advanced business management technology with personalized consulting to provide unmatched scale, efficiency, and support. Our advisor-focused culture is built on innovation and advocacy, enabling advisors to offer comprehensive securities and investment advisory solutions to their clients.
Lead with Purpose. Partner with Impact. We are seeking a Sr. IAM Engineer with deep experience assessing current state, designing target-state architectures, and implementing/maturing Role-Based (RBAC) and Attribute-Based (ABAC) access models at enterprise scale. This leader will serve as the SailPoint technical expert, engineering policy, integration, and governance processes that meet financial-services compliance expectations. The role partners with enterprise architects, risk/compliance, platform teams, and app owners to operationalize identity as a control across SaaS, on-prem, and cloud.
What you’ll Do:
Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs).
Drive role engineering (role discovery, consolidation, birthright access,SoDmatrices) and ABAC policy design (attribute inventory, policy enforcement integration).
Maintainthe IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers.
Partner with AppSec and platform teams to externalize authorization using federation and standardized protocols (SAML 2.0, OIDC, OAuth 2.0; SCIM for provisioning).
Configure sources/authorities, connectors, aggregation & correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, accessrequest, and certification campaigns in SailPoint; implementOkta connector patterns.
Build monitoring/health checks, metrics, and dashboards for access governance KPIs; automate evidence collection.
Define policies/standards for access control, attribute quality, identity proofing, certification cadence, and exception handling; ensure alignment with enterprise risk appetite.
Support audits and regulatory examinations with defensible evidence, including certification results,SoDanalyses, and access recertification trails.
Mentor engineers andanalysts;partner with business/application owners to onboard apps at scale under governance;establishrepeatable app-onboarding playbooks (federation + provisioning + role modeling).
SailPoint (IdentityIQEngineer/Architect or Identity Security Cloud) and/or Okta certifications; experienceintegrating SailPoint with Okta via connectors/APIs.
Cloud IAM concepts (Azure AD/Entra ID, AWS IAM), and experience mapping ABAC to cloud entitlements/metadata.
Financial-servicesexperience with audit/regulatory expectations (e.g., access certification cadence, evidence,SoDrigor).
What You Bring:
8+ years in IAM with 5+ years leading RBAC/ABAC design and enterprise deployment; demonstrable delivery of role mining/engineering and attribute-driven authorization.
Hands-on SailPointexpertise(IdentityIQor Identity Security Cloud/IdentityNow) across connectors, lifecycle automation, certifications,SoD, policy, and analytics; Okta SSO/MFA and federation patterns.
Strong command of federated identity protocols and provisioning standards (SAML 2.0, OIDC, OAuth 2.0, SCIM).
Working knowledge of directory services (AD/LDAP), identity data modeling, and integration architectures; familiarity with crypto & tokenization fundamentals for identity.
Experienceestablishingaccess governance processes (access reviews, recertifications,SoD, exception management) consistent with industry best practices.
Proficiencyin at least one scripting language (e.g.,Beanshell/Java for IIQ, Python/PowerShell for automation), and SQL for identity analytics.
Internal Application Policy: Internal applicants must be in good standing and have a minimum of 1 year of service with Kestra. Internal applicants must also have a minimum of 1 year service in current role unless approved by EVP.
Benefits to support you:
Competitive pay and benefits with a large employer (over 1600 employees nationwide)
401(k), health insurance, and a competitive benefits package
Work in a supportive, collaborative environment committed to professional excellence
Help clients navigate meaningful financial decisions with confidence
Opportunities for training, development, and long-term growth within the firm
Kestra Values Our Mission is Powering Financial Independence, enabling the growth and success of investing clients and the advisors who serve them. We do that by living our values: Serve, Make it Happen, and One team.
Lead with purpose. Apply now and help shape the future of Kestra.
Disclosure
You acknowledge that if hired, Kestra Financial, Inc. may, obtain and use background information concerning your credit, character, general reputation, personal characteristics, work habits, performance and experience for evaluation for your potential employment.
It is the policy of Kestra Financial to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, sex, sexual orientation, gender, identity or expression, age, disability, marital status, citizenship, national origin, genetic information, or any other characteristic protected by law. Kestra Financial prohibits any such discrimination or harassment.
#J-18808-Ljbffr