Identity Governance and Privileged User Engineer

Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 170 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

Join the IAM team to manage privileged access and identity governance. Work with One Identity Safeguard and One Identity Manager to secure accounts, support JML processes, and integrate applications.

Your key tasks 

Privileged Access Management (PAM)

• Operate and maintain One Identity Safeguard
• Manage credential policies, password rotation, and integrations
• Onboard systems and accounts into PAM
• Monitor platform health and troubleshoot issues

Identity Governance (IGA)

• Support JML processes with One Identity Manager
• Maintain workflows, mappings, and job server operations
• Integrate new applications and validate access assignments

Documentation

• Maintain SOPs, runbooks, and audit-compliant records

Systems & Infrastructure

• Manage IAM components on Windows/Linux
• Perform patching, hardening, and monitoring
• Provide L2/L3 support for IAM and directory services

Automation & Tooling

• Automate with Terraform and Ansible
• Develop PowerShell scripts; use SQL for troubleshooting

• Degree in IT or a related field
• 2–3 years of experience in PAM/IGA roles
• Hands-on experience with One Identity Safeguard or similar tools (e.g., CyberArk, BeyondTrust, Delinea)
• Strong Windows and Linux engineering skills
• Solid knowledge of AD, Azure AD/Entra ID, LDAP, and authentication protocols
• Proficiency in Terraform, Ansible, and PowerShell; SQL knowledge preferred
• Strong documentation skills and a compliance-focused mindset
• Fluent in English; German or French is a plus

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices. 

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self. 

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way. 

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.  

#LI-Hybrid