My Shortlist

Your shortlisted jobs will appear here. To view your shortlist: Login Or Register

Date Added: Tue 29/07/2025

Senior IAM Engineer (80-100%)

Zurich, 8045, Switzerland
Apply Now

Company: SYGNUM BANK AG

Job Type: Permanent

Salary: Negotiable

Sygnum is a global digital asset banking group, founded on Swiss and Singapore heritage. We empower professional and institutional investors, banks, corporates and DLT foundations to invest in digital assets with complete trust. Our team enables this through our institutional-grade security, expert personal service and portfolio of regulated digital asset banking, asset management, tokenisation and B2B services.

In Switzerland, Sygnum holds a banking licence and has CMS and Major Payment Institution Licences in Singapore. The group is also regulated in the established global financial hubs of Abu Dhabi and Luxembourg.

We believe that the future has heritage. Our crypto-native team of banking, investment and digital asset technology professionals are building a trusted gateway between the traditional and digital asset economies that we call Future Finance. To learn more about how Sygnum's mission and values are shaping this digital asset ecosystem, please visit sygnum.com and follow us on LinkedIn and X.

A key pillar of our success are the Sygnum values that define and unite us a team. We proudly call them our SYGN values:
  • S stands for the importance we hold in Seeking and seizing opportunities, and the way we take personal ownership for delivering results for our clients;
  • Y represents the way we say Yes to maintaining the highest level of integrity and fairness in everything we do. Sygnumers always display confidence without attitude;
  • G reminds us to always Grow and win together. We only succeed by supporting each other and challenging ourselves, and our team-mates, to reach for new heights;
  • N is here for Nose for value because we are always looking to focus on what matters most to our clients, partners and team.
Sygnum has one of the most diverse teams in the industry. Diversity plays a central role in keeping our work culture open, our teams productive and energised, and our solutions at the forefront of the industry. In the spirit of our SYGN value to "grow and win together", we fully embrace an equal opportunity mindset in the way we onboard, develop and promote our team members.

We're seeking an enthusiastic Senior IAM Engineer to become a cornerstone of our Microsoft-focused identity security platform. In this hands-on role, you'll leverage Entra ID, Terraform, M365 Stack and Azure to deliver enterprise-grade IAM controls across hybrid and cloud environments. You'll own technical delivery, architect solutions, and collaborate across teams to secure access to critical systems-from corporate apps to custody platforms and infrastructure.

You'll also provide consultative guidance on related Microsoft ecosystem capabilities, including Azure SRE, Intune configuration, M365 and tenant-level access policies, helping strengthen security alignment across the wider IT and engineering landscape.

Responsibilities include:

* Design & implement IAM architecture using Microsoft Entra ID, PIM, Conditional Access, entitlement, ID Governance suite and group management
* Automate identity & access policies via Terraform (IaC), integrating IAM changes into CI/CD pipelines with full auditability
* Lead Joiner Mover Leaver lifecycle automation, enforcing least privilege, onboarding/deprovisioning, and membership management
* Configure privileged access with Azure PIM, Just In Time workflows, MFA, and access approval processes
* Collaborate with SecOps and SOC to integrate identity events (e.g. escalations, failed logins) into SIEM and incident workflows
* Drive IAM governance: plan and execute access reviews, SoD analysis, entitlement attestation, and policy recertifications
* Own audit evidence: maintain Terraform code, policy documentation, logs, and reporting ready for FINMA and internal audit
* Consult with cross-functional teams (HR, Risk & Compliance, Platform Engineering) to align identity controls with business needs
* Monitor IAM KPIs: provisioning times, review coverage, privileged sessions, policy violations-and report to leadership
* Stay current on Microsoft Entra roadmap (e.g., Permissions Management, cross-tenant access) and drive adoption of new security features
* Design and support authentication and authorisation integrations using protocols such as SAML, OAuth2, and OpenID Connect, ensuring secure access to SaaS platforms, third-party services, and in-house developed applications
* Collaborate with development and platform teams to embed IAM into application architectures, including federated login and modern identity brokering
* Audit and monitor AWS IAM activity: enable and analyse AWS CloudTrail logs for access events and work with the SOC to feed access logs into the SIEM for anomalous behaviour detection
* Provide consultative support to Platform and SRE teams on Microsoft tenant configuration, including conditional access, role assignments, and policy management
* Support Azure SRE projects by advising on service connection permissions, pipeline identity management, and secure integration of CI/CD with Entra ID
* Configure and maintain cross-tenant sync in multi-cloud environment, B2C and B2B configurations
* Advise on Intune policy, device group structures and device compliance integration, ensuring alignment between endpoint management and IAM standards

You are a motivated IAM professional with a strong foundation in Microsoft identity technologies and a passion for automation and access control. You thrive in dynamic, high-trust environments and are eager to secure critical systems through well-governed, scalable identity solutions. You're also comfortable working across teams to align adjacent technologies like Intune, AWS and Azure to broader IAM objectives.

Essential:
  • Bachelor's/Master's in Computer Science, Information Security, or equivalent
  • 7+ years in IT, with 3+ years dedicated to IAM, using Microsoft Entra ID/Azure AD
  • Hands-on experience with Terraform for identity management and role policies
  • Deep understanding of IAM principles: RBAC/ABAC, least privilege, zero trust, conditional access and privilege management
  • Deep knowledge of Azure RBAC, Root Tenant IAM management in Azure CAF (private landing zones) environment and IAM landing zones architecture
  • Experience integrating IAM with CI/CD pipelines and infrastructure-as-code
  • Working knowledge of privileged access tools, MFA, SSO, entitlement management
  • Solid awareness of regulatory landscape (FINMA, ISO 27001, NIST) and audit-readiness best practices
  • Familiarity with Microsoft tenant-level administration, including conditional access and directory roles
  • Excellent stakeholder communication in English; German is a plus

Desirable:
  • Azure B2B/B2C, custom SAML/OpenID Connect app integrations
  • Exposure to digital asset platforms: custody, key management, multisig workflows
  • Knowledge of HSM architecture, encryption models, or blockchain security
  • Experience advising on Intune policy design or secure Azure SRE implementation
  • Certifications: CISSP, CISM, Azure Security Engineer, or Microsoft Identity certifications

Joining Sygnum means being part of a dynamic, global team that is building a trusted gateway between the traditional and digital asset economies. Working at Sygnum, you will experience our fast-paced, exciting work environment that embraces meritocracy and collaboration and open communication. Alongside our ambitious long-term mission, we also come together for reaching important milestones and annual crypto-industry anniversaries like Bitcoin Pizza Day, and regularly celebrate together at themed company events as part of our journey to shape Future Finance.

Sygnum offers a comprehensive package of benefits for all team members. They include:
* Attractive combination of market salaries and entrepreneurial incentive scheme
* Flexible/Work at home policies
* Professional development via Mentoring and Buddy programs
* One-month fully paid sabbatical after five years of continuous employment

If you are passionate about the potential of blockchain to share Future Finance and your profile is a good fit for this position, please send us your CV today!

Apply Now