Principal IAM Lead
New York, NY, USA
About Us
DriveWealth is on a mission to make investing easier. We believe that everyone should have the ability to control their financial future, and that access to financial markets should not be limited by geography, wealth, or legacy systems. We are a global B2B financial technology organization dedicated to democratizing access to financial independence around the world. Our mission is realized through an API-based platform, empowering our partners to offer seamless investing and trading experiences to clients worldwide, all from their mobile devices. Our technology provides partners with a modern, extensible toolkit, enabling traditional investment workflows and innovative techniques like fractional share ownership. DriveWealth has evolved into a global platform offering trading of US equities, mutual funds, ETFs, fixed income, and options.
There’s never been a better time to build a category-defining business and there has rarely been a team better positioned for this opportunity. Our culture blends the pace and agility of a fintech start-up with the impact, stability, and discipline of Wall Street. We encourage creativity and experimentation while ensuring institutional-grade execution and regulatory compliance in everything we do. Join us and help build the future of global investing!
About This Role
DriveWealth is seeking a Principal IAM Lead to own and evolve our enterprise identity and access management ecosystem. This is a senior, hands-on technical leadership role for someone who lives at the intersection of identity architecture, security engineering, and platform administration. You will serve as the subject matter expert for our Okta and Auth0 environments, driving secure, scalable, and well-governed identity solutions across the organization.
The ideal candidate has deep platform-level expertise, strong troubleshooting instincts, and the confidence to make and defend changes to authentication and security policies that affect the entire company.
What You'll Do
Okta Platform Ownership
- Serve as the principal administrator and subject matter expert for Okta, including SSO and SCIM integrations, Okta Workflows, and Okta Identity Governance (OIG)
- Design, build, and maintain group rules and access policies that support least-privilege and lifecycle management
- Manage Okta licensing, entitlements, and platform capacity planning
- Demonstrate deep expertise on how authentication rules (MFA policies, sign-on policies, adaptive authentication, risk-based policies, etc.) are applied within Okta, and update and tune these policies as business and security
- needs evolve.
Auth0 Platform Management
- Maintain strong working knowledge of the Auth0 platform, including tenants, rules/actions, and application configurations
- Create, configure, and troubleshoot Identity Provider (IdP) connections across all major IdP types (SAML, OIDC, social, enterprise directories, etc.)
- Diagnose and resolve authentication and federation issues across integrated applications
API Integration
- Leverage Okta, Auth0, and related APIs to automate identity workflows, integrations, and reporting
- Troubleshoot and build API-based solutions to extend platform capabilities beyond native UI functionality
- Client & Enterprise SSO Onboarding
- Configure and manage SSO connections for external clients and enterprise customers, acting as the primary technical point of contact for partner-side IT/security teams during setup
- Gather and validate partner IdP metadata (OIDC) and configure corresponding Auth0 connections
- Test and troubleshoot partner SSO connections end-to-end prior to go-live, resolving certificate, attribute mapping, and claims issues
- Maintain documentation and a repeatable onboarding process for bringing new clients onto SSO
Cloud Identity (AWS)
- Apply working knowledge of AWS and AWS Identity Center (formerly AWS SSO) to support cloud identity federation and access management
- Collaborate with cloud infrastructure teams to align identity governance across on-prem, SaaS, and cloud environments
AI & Emerging Technology Security
- Secure access to AI/ML platforms, tools, and resources, including LLM APIs, AI agents, and machine-to-machine authentication for AI-driven services
- Apply IAM governance principles (least privilege, lifecycle management, auditing) to non-human identities and AI agents to mitigate emerging risks such as over-privileged connectors or unauthorized data access
- Partner with engineering and security teams to define access and authentication standards for internally built and third-party AI tooling
Leadership & Strategy
- Act as a trusted advisor to security, IT, and application teams on identity best practices and architecture decisions
- Map IAM controls to compliance and Zero Trust frameworks (e.g., SOC 2, ISO 27001, NIST) in partnership with GRC teams
- Mentor junior IAM engineers and contribute to the long-term IAM roadmap
- Document standards, runbooks, and processes to mature the IAM program
- Own vendor relationships and roadmap discussions with Okta, Auth0, and related identity vendors
You Bring
- Extensive hands-on experience administering Okta at an enterprise level, including SSO/SCIM, Okta Workflows, and Okta Identity Governance
- Strong, demonstrable experience with Auth0, including IdP connection creation and troubleshooting across major identity providers
- Solid understanding of authentication and authorization concepts (SAML, OIDC, OAuth 2.0, MFA, adaptive/risk-based policies)
- Working knowledge of identity and security logging practices to support monitoring and investigation
- Practical experience consuming and integrating with REST APIs for automation and troubleshooting
- Working knowledge of AWS, including AWS Identity Center
- Familiarity with directory services (Active Directory, Entra ID) and how they integrate with Okta/Auth0
- Strong troubleshooting skills and comfort making high-impact changes to production authentication systems
- Excellent communication skills, with the ability to translate technical identity concepts for both technical and non-technical stakeholders
Special Knowledge (Nice to Have, But Not Required)
- Relevant certifications (Okta Certified Consultant/Administrator, AWS certifications, CISSP, etc.)
- Experience mapping IAM controls to compliance frameworks (SOC 2, ISO 27001, NIST)
- Understanding of privileged access management (PAM) and non-human identity governance (service accounts, API keys, secrets rotation)
Location
This role is open to candidates in the following locations: New York, NY
- This role is expected to come into the office on a cadence set by the Hiring Manager/Team.
- If you're not based in one of the locations listed above, this role is not a fit, and we cannot accommodate remote work outside these locations.
- Applicants must be authorized to work for any employer in the U.S. DriveWealth does not sponsor or take over sponsorship of an employment visa at this time.
Pay Range: $155,000 – $175,000 USD
Working at DriveWealth
We do our best work when we're in the same room. To maintain the speed our partners expect, our New York, Chicago, and Lithuania teams work in office on a hybrid schedule. We've found that being physically side-by-side is the only way to solve complex problems in real-time and stay truly accountable to the products we ship. When you're here, you're working directly with the people making the decisions.
To support that work, we provide competitive compensation, equity, and a 401(k) match. We also offer Medical insurance, Dental insurance, Vision insurance, Disability insurance, and Paid Parental Leave, along with a wellness reimbursement, a company-provided phone, and a personal development allowance. Finally, we value the time you spend away from the office with generous Paid Time Off (PTO) and observed holidays.
Work Authorization
Applicants must possess the legal right to work in the country where the position is located at the time of application. DriveWealth requires all employees to provide original documentation verifying their work authorization on or before their first day of employment.
For US-based roles: Applicants must be currently authorized to work in the United States on a full-time basis without the need for current or future visa sponsorship. DriveWealth does not provide visa sponsorship or support for employment authorization, including transfers, at this time. Offers of employment are strictly contingent upon an individual’s ability to secure and maintain the legal right to work at the Company.
How We Think About AI
We leverage AI to work smarter and move faster. We seek AI-curious talent who are proactive about using emerging tools to increase signal quality, reduce friction, and improve outcomes to deliver products faster, provide better service to our partners, and to streamline processes. Your ability to leverage our internal tools and technology to drive results is as important to us as your core domain expertise.
Compensation
Pay is generally based on the level, complexity, responsibility, location, and job duties/requirements of the specific position. We then source candidates with the requisite skills, expertise, education, training, and experience. If you are selected for an interview, please feel welcome to speak to a recruiter about our compensation philosophy and other available benefits. This role is eligible for base, bonus, equity, 401(k) match, and heavily subsidized benefits and perks.
Equal Employment Opportunity
To build technology and products that are used and loved by people and solve real-world problems, we need to build a team with many different perspectives and experiences. We are an equal opportunity employer. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We encourage candidates from all backgrounds to apply.
Agency Disclaimer
DriveWealth does not accept agency resumes. Do not forward resumes to our jobs alias, employees, or any other organization location. DriveWealth is not responsible for any fees related to unsolicited resumes.