Role summary

We are looking for a Senior IT Support Admin to own and operate FINBOURNE's corporate IT estate — spanning identity and access management, endpoint and device management, workplace security operations, and office infrastructure. This is a broad, hands-on role that sits at the heart of how FINBOURNE's staff work day-to-day, and requires someone equally comfortable responding to a staff ticket as they are designing a network VLAN or building an Okta lifecycle workflow.

You will be responsible for administering the full SaaS and device estate across macOS and Windows, managing identity platforms including Okta and Microsoft Entra ID, and owning office networking across Cisco Meraki and UniFi. You will act as the primary internal IT point of contact for all staff, manage the relationship with our third-party MSP, and contribute directly to audit and compliance evidence for SOC2 and ISO. You will be expected to actively leverage AI tools — including Claude and Claude Code — to automate routine tasks, accelerate scripting, and improve documentation.

Key Responsibilities

Identity & Access Management

• Administering Okta (and to a lesser degree Microsoft Entra ID) and internal identity management tools across the joiner / mover / leaver lifecycle for staff and external contractors
• Maintaining Conditional Access policies, MFA enforcement, device compliance signals and SSO integrations across the SaaS estate
• Managing RBAC and entitlement reviews across Microsoft 365, Okta, Atlassian and third-party SaaS applications
• Owning SCIM provisioning, SAML/OIDC integrations and Okta lifecycle workflows for new and existing applications
• Managing 1Password as the enterprise secrets store: vault structure, group access, recovery and offboarding
• Running access reviews and offboarding audits, ensuring complete and timely removal of access on leavers
  

Endpoint & Device Management

• Owning the macOS fleet via Kandji: blueprints, ADE / zero-touch enrolment, software deployment, custom .mobileconfig profiles, scripting and patch currency
• Owning the Windows fleet via Microsoft Intune: Autopilot, update rings, feature update convergence, proactive remediations and third-party app delivery
• Defining and maintaining BYOD policies, MDM-to-Entra ID / Okta device trust, and device compliance baselines
• Maintaining CIS Level 1 benchmark compliance across macOS and Windows fleets, including authoring profiles to remediate gaps
• Owning hardware procurement, asset tracking (Jira ITA) and the full device lifecycle (new, refresh, offboarding, secure wipe)
  
  

Security Operations (Workplace)

• Triaging and responding to Microsoft Defender for Endpoint alerts; escalating to the security team where appropriate
• Maintaining CIS benchmark coverage and producing audit evidence for SOC2, ISO and customer assurance requests
• Performing eDiscovery and compliance searches in Microsoft 365 in support of Legal and HR investigations
• Driving quarterly security hygiene tasks: stale account cleanup, MFA coverage checks, conditional access reviews, MDM drift detection
• Acting as the workplace-side counterpart to platform security, owning controls on the corporate / staff identity and device estate

Messaging, Collaboration & Microsoft 365

• Administering Exchange Online: mail flow rules, transport, shared mailboxes, dynamic distribution lists, anti-spam and anti-phishing posture
• Administering SharePoint Online: new site provisioning, DLP policies, external sharing controls and information barriers
• Managing Microsoft 365 tenant-level configuration, licensing optimisation, and feature rollout
• Supporting Slack, Microsoft Teams, Notion and the Atlassian suite (Jira, Confluence) including access management and workflow / automation configuration

Infrastructure & Networking (Office)

• Owning office networking on Cisco Meraki / UniFi: VLAN design and segmentation, site-to-site VPN, wireless, and physical-access integration
• Operating Microsoft Azure components used by IT: VMs, Key Vault, Automation Accounts, Enterprise Apps and Entra ID integration
• Designing and delivering office build-outs and network refreshes (e.g. Dublin office networking) end-to-end

IT Operations & Service Delivery

• Acting as the primary internal IT point of contact for all staff: tickets, walk-ups, escalations and VIP support
• Managing the relationship with the 3rd-party IT MSP across 1st–3rd line, acting as the internal escalation point and quality gate
• Owning vendor relationships (resellers, MDM vendors, SaaS suppliers) and contract / renewal management
• Running vendor selection, quote analysis and procurement via resellers and platforms; building business cases for new tooling
• Maintaining IT runbooks, admin guides and onboarding / offboarding documentation in Notion as the system of record
• Reporting on IT risk, operational posture and project delivery to the CISO and contributing to audit and compliance evidence

Automation & Tooling

• Building lightweight automation across Kandji/Iru, Intune, Entra ID, Okta, Jira and Exchange via REST APIs, PowerShell and Bash / Shell
• Owning automation and runbooks for routine IT tasks (provisioning, reporting, scheduled clean-ups)
• Driving Jira webhook / Atlassian Automation flows for asset intake, device health reporting and service request fulfilment
• Using AI tools (Claude, Claude Code, Copilot) and developing AI Agents to accelerate scripting, runbook authoring, log triage and ticket response

Just some of our benefits

• Competitive salary plus performance based bonus. The bonus is based on a grading system which will include a mix of cash, and in some cases, Stock Options
  
• Health & Wellbeing: A competitive health insurance policy that disregards previous medical history. This also includes dental, optical, mental health support and comprehensive cancer cover.
• Cycle to work scheme and Gym discounts: Buy a bike and cycling accessories out of your pre-tax salary and spread the cost over 12 months, as well huge discounts off Hussle, KOBOX and Nuffield Health gyms
• Hybrid working: We operate a hybrid model, with a flexible approach to working in our offices around the world. We’re committed to helping you be productive in a way that works best for you and FINBOURNE
  
• Professional learning and development: External training and accreditations are supported, as well internal training and development programs.
• Maternity, paternity and adoption leave: Paid maternity, paternity and adoption leave, which includes 13 weeks full pay for maternity and adoption leave and 6 weeks full pay for paternity leave
  
• Holiday: 25 days holiday plus bank holidays and the ability to purchase an additional 5 days leave per year. We also offer a day off for your birthday.
• Celebration of your work anniversaty: As a token of appreciation for the contribution and commitment of our
  employees, we award a £50 Amazon voucher to employees each year on their work anniversary.

About FINBOURNE

We are a young, dynamic financial technology company aiming to re-engineer the world of investing to make it clearer, faster and more cost effective for everyone.

At FINBOURNE, we offer a hugely supportive environment to build a career, with continuous learning and development opportunities. We have a collaborative culture of testing and exploring problems together to find the best evidence-based solutions. We respect your independent thought, your intellectual curiosity and your opinion.

Our solution is open, API first and developer friendly – a true first for the asset management industry. You can see what our team is busy building on Github.

For more information about us please visit our website.