Apply now »

Expert IAM Engineer Okta

Location: 

Port Klang, MY, 42000

At Barry Callebaut, we are on a journey to transform the cocoa and chocolate industry. As the world’s leading manufacturer of high-quality chocolate and cocoa products, our actions truly shape the future of our industry. We are a business-to-business company, serving the entire food sector, from the cocoa bean to the finest chocolate product. We are a company with a purpose, we believe in doing well by doing good and reinvesting in the communities we operate. We have a long-standing commitment to sustainability and our goal is to shape a sustainable cocoa and chocolate future. We are headquartered in Zurich, and have more than 12,000 passionate Employees working in more than 40 countries worldwide. We are very proud of who we are and what we do. And of course, we are always looking for talented people to help us have a positive impact on our industry and beyond!

About the role

Barry Callebaut Digital (BC Digital) is on a mission to lead the digital revolution in the chocolate industry, and we're looking for an Expert Engineer to join our Identity & Access Management team. Identity and Access Management (IAM) is a key element of the Information Security Strategy and Framework and plays a vital role in our digital ecosystem.

 

As an Expert Engineer Okta , you will be the senior hands-on Okta specialist responsible for the stability, security, and continuous improvement of our Okta platform (SSO, MFA, Universal Directory, lifecycle/provisioning, integrations). You will act as the highest technical escalation point for Okta, leading complex troubleshooting, driving root cause analysis, and ensuring high-quality delivery for onboarding, migrations, and operational enhancements. You will work closely with IT Security, Enterprise Architecture, Cloud, and Application teams across a global footprint to deliver robust identity solutions that align with business and security objectives. If you’re a seasoned professional with deep expertise, we invite you to join our team!

 

Key responsibilities include

  • Own the end-to-end Okta platform operations: configuration, hygiene, policy management, monitoring, and lifecycle improvements.
  • Act as the technical design authority for Okta implementations (application onboarding, federation patterns, MFA approach, group/attribute model, UD structures) focusing on best practice and supportability.
  • Lead and review SSO integrations, including troubleshooting of complex authentication flows and session issues.
  • Own MFA and sign-in security posture in Okta (policy tuning, adaptive MFA where applicable, secure exceptions handling, continuous hardening).
  • Drive provisioning and lifecycle capabilities (UD, deprovisioning standards, access hygiene and cleanup).
  • Manage Okta logging and investigation practices: daily log health, anomaly detection inputs, evidence capture, and incident support.
  • Deliver automation and operational efficiency using Okta Workflows, Okta APIs, and scripting (reduce manual effort, improve reliability).
  • Define and maintain Okta runbooks/SOPs, improve ServiceNow request patterns, and ensure audit-ready evidence for changes and access activities.
  • Serve as the L4 escalation point: resolve high-impact incidents, lead RCA, and implement preventive actions.
  • Mentor junior engineers and analysts on Okta troubleshooting and operations through case reviews, shadowing, and knowledge articles, fostering innovation and continuous improvement.
  • Assist in developing and executing the vision for identity management, aligning with the overall I&AM strategy
  • Act as design authority for IAM platforms, directory services, and authentication solutions.
  • Architect, design, review, and implement complex IAM and directory service solutions across on-prem, and cloud environments.
  • Lead identity lifecycle, federation, and authentication initiatives.
  • Work closely with IT Security, Enterprise Architecture, and other teams
  • Rapidly address security incidents and troubleshoot complex issues related to identity management
  • Contribute to IAM standards, procedures, and long-term platform improvements.

 

About you 

  • Bachelor’s or master’s degree in information technology / Computer Science, Information Security, Audit, Risk, or related field
  • Candidate must hold at least one of the following certifications: Okta Certified Administrator, Okta Certified Professional, or Okta Certified Consultant. Other IAM/Security certifications are a plus.
  • Industry-recognized certification in security (e.g., CAMS, CIAM, SC-300/900) or equivalent a highly appreciated
  • Proven track record of successfully delivery complex IAM projects in large environments
  • In-depth knowledge of industry best practices and emerging trends
  • Proficient in English
  • 10+ years of experience in Identity & Access Management in enterprise environments, with strong Okta specialization.
  • Proven track record owning Okta operations and integrations at scale.
  • Experience working with hybrid identity dependencies (AD and/or Entra ID) in support of federation and lifecycle.
  • Expert-level knowledge of Okta Universal Directory, group/attribute design, profile sources, and lifecycle patterns.
  • Deep hands-on experience with SSO: SAML, OAuth, authentication policies, sign-on policies and app troubleshooting.
  • Strong expertise in MFA and secure access: configuration, enrollment issues and policy tuning.
  • Advanced Okta System Log analysis and troubleshooting skills: ability to interpret events, identify root cause, and provide evidence-based fixes.
  • Experience with automation/integration: Okta Workflows, Okta APIs, and scripting.
  • Working knowledge of Entra ID and Active Directory for federation/hybrid scenarios, without heavy architectural emphasis.
  • In-depth knowledge of IAM principles, authentication, authorization, and identity governance.
  • Strong knowledge of Okta (Okta Universal Directory, SSO, MFA, Adaptive MFA), Microsoft Active Directory, and Microsoft Entra ID.
  • Solid understanding of PKI and certificate-based authentication.
  • Knowledge in Azure Identity principles and solutions
  • Strong understanding of Zero Trust architecture and least-privilege access models.
  • Excellent communication and collaboration skills
  • Exhibits a passion for digital technology and innovation, constantly seeking new and creative solutions to enhance processes, decision-making and user experiences
  • Collaborates well across diverse and globally distributed teams, with the ability to build and maintain positive relationships across different levels and functions of the organization
  • Is hands-on, pragmatic, and accountable for outcomes (availability, reliability, security posture)
  • Coaches others through structured knowledge sharing and real-case mentoring
  • Is proactive in continuous improvement: reduces repeat incidents, improves SOPs, and automates recurring tasks.
  • Communicates clearly in incidents and change execution, documents decisions and procedures consistently, with strong documentation and presentation skills.
  • Strategic thinker with the ability to translate vision into actionable plans
  • Collaborative and adaptable leadership style

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

At Barry Callebaut, we are committed to Diversity & Inclusion. United by our strong values, we thrive on the diversity of who we are, where we come from, what we’ve experienced and how we think. We are committed to nurturing an inclusive environment where people can truly be themselves, grow to their full potential and feel they belong. #oneBC - Diverse People, Sustainable Growth.

If you want to learn more about Barry Callebaut, please find further information here.

Were you missing anything in this job ad? Please share your feedback with us by clicking here.


Job Segment: Engineer, Engineering

Apply now »