IAM Administrator

This role ensures secure, scalable, and centralized Identity and Access Management (IAM) across the organization. It is responsible for the effective operation and continuous improvement of IAM systems -primarily Okta- while overseeing access control mechanisms and the secure governance of company-wide SaaS applications, subscriptions, and shared accounts. WHAT YOU'LL BE DOING IAM & Okta Management

• Own and continuously improve the company's Okta IAM environment.
• Manage the full user lifecycle (joiner-mover-leaver) processes in a structured and secure manner.
• Design, implement, and maintain scalable Role-Based Access Control (RBAC) models.
• Configure and manage SSO and MFA policies across integrated systems.
• Lead the integration of new SaaS applications into the IAM ecosystem.
• Review, evaluate, and manage access requests and approval workflows.

Access Governance & Security

• Ensure access management aligns with the principle of least privilege.
• Conduct and coordinate periodic access reviews and recertification processes.
• Implement and enforce access controls for business-critical systems.
• Monitor access logs and proactively identify potential risks or anomalies.
• Support internal and external audit and compliance requirements.

SaaS, Subscriptions & Shared Account Governance

• Manage centralized access control for company-owned SaaS tools and subscriptions.
• Establish secure configuration standards and tracking mechanisms for shared accounts.
• Maintain clear ownership and access governance for vendor and third-party accounts.
• Assess IAM and security requirements for newly procured tools.
• Collaborate with relevant teams to optimize license usage and access allocation.

Cross-Functional Collaboration

• Work closely with IT, Security, Finance, and Operations teams to ensure secure and efficient access management.
• Contribute to secure onboarding processes for new tools and systems.
• Maintain clear, up-to-date documentation of IAM policies, standards, and operational processes.

Do you have experience in Scripting?, Degree in Computer Engineering, Information Systems, Cyber Security, or a related field.

• At least 2-3 years of hands-on experience in Identity & Access Management (IAM) or a related security/IT field.
• Solid understanding of SSO protocols, including SAML, OAuth2, and OpenID Connect.
• Strong knowledge of Role-Based Access Control (RBAC) and identity lifecycle management (provisioning, de-provisioning, access reviews).
• Experience integrating SaaS applications into centralized IAM environments.
• High attention to detail and strong security awareness in access management processes.
• Ability to design, improve, and clearly document IAM operational workflows.
• Practical experience with Okta (strongly preferred).
• Exposure to Cloud IAM concepts and cloud-native identity environments.
• Experience supporting IT audit and compliance processes.
• Familiarity with automation or scripting to improve IAM efficiency.

• Full-time contract with competitive salary
• Private health insurance, a generous meal card
• Full visa & relocation support if you're moving to Barcelona
• Annual learning & development budget for courses, tools, or events that support your growth
• Free access to Codeway's suite of apps across productivity, wellness, and education
• A top-notch office in the heart of the city

Codeway builds consumer apps used by millions around the world, spanning AI creativity, wellness, learning, and productivity. Our products are built with a strong focus on user experience, speed, and quality, and are powered by deep in-house technology and data capabilities. Barcelona is a growing core hub for Codeway. We are building a strong engineering culture here, focused on ownership, fast execution, and high standards of craft. This is a place for engineers who want to stay close to the product, influence real decisions, and see their work reach users quickly. We are now looking for a IAM Administrator to join our Barcelona team and help us build and scale high-quality mobile experiences across our consumer app portfolio.