Lead enterprise‑scale Active Directory, EntraID and infrastructure operations

Job Description

Are you curious, motivated, and forward-thinking? At FIS you’ll have the opportunity to work on some of the most challenging and relevant issues in financial services and technology. Our talented people empower us, and we believe in being part of a team that is open, collaborative, entrepreneurial, passionate, and above all fun. 

About the role:

The Lead enterprise‑scale Active Directory, EntraID and infrastructure operations is responsible for leading enterprise‑scale Active Directory, EntraID and infrastructure operations, ensuring system compliance, reliability, security, and redundancy across a global environment. This role serves as the technical subject matter expert (SME) for Directory Services, oversees domain controller standards, and drives modernization and automation initiatives. This role requires participation in an on‑call rotation to support business needs outside of standard working hours.

About the team:

Enterprise Directory Services (EDS) is the centralized team responsible for the design, governance, security, and reliable operation of the enterprise’s directory and identity platforms. The team serves as the subject‑matter authority for Active Directory–based services, establishing consistent standards, enforcing security and compliance requirements, and maintaining resilient, well‑governed environments that underpin authentication and access across the organization. By partnering closely with security, infrastructure, and application teams, EDS continuously improves directory services, supports enterprise growth initiatives, and reduces operational risk through expert ownership, disciplined lifecycle management, and strong operational governance.

What you will be doing:

• Maintain and continuously enhance the enterprise Domain Controller (DC) standards, ensuring annual review and alignment across all new and existing deployments.
• Oversee DC lifecycle governance, including secure builds, system hardening, vulnerability remediation, redundancy, and resiliency.
• Ensure quarterly PCI compliance for all DCs by addressing and resolving findings from automated security scans.
• Lead governance and administration of domain‑wide and DC‑specific Group Policy Objects (GPOs), including facilitation of weekly GPO review forums.
• Manage certificate configurations for DCs and enforce secure RDP/WinRM settings through Group Policy; collaborate with the PKI team to drive automation initiatives.
• Deploy and support enterprise identity and security solutions such as Entra Password Protection, Password Policy Enforcer, ActiveRoles, and StrongDM.
• Lead Active Directory (AD) hygiene efforts, including OU structure governance and recurring review sessions.
• Create and manage Azure applications, Conditional Access policies, subscriptions, and management group structures.
• Administer and optimize Intune workstation policies to support a secure and consistent end‑user environment.
• Contribute to the planning, design, and testing of the native Azure workstation migration strategy.
• Govern and maintain the enterprise browser site list.
• Support annual risk assessments and internal AD audits, delivering required evidence and driving remediation of identified findings.
• Maintain and track compliance activities within Archer, including risk acceptance and remediation management.
• Utilize QRadar logs and queries to support investigations, incident response, and operational troubleshooting.
• Host weekly Weekend Changes meetings and serve as the escalation point for Directory Services–related incidents.
• Act as a subject matter expert for Directory Services across strategic projects, proof‑of‑concepts, and cross‑functional technical engagements.

What you bring:

• Over 7 years of experience leading systems engineering and infrastructure operations.
• Advanced expertise in Active Directory, Group Policy, certificates, and domain controller architecture.
• Strong proficiency in Entra ID, Azure Compute and Identity & Security.
• Proven experience with implementing and supporting compliance frameworks such as PCI and CIS.
• Extensive PowerShell capabilities for enterprise-scale troubleshooting, auditing, and automation.
• Working knowledge on SIEM platforms like QRadar, to support security monitoring and incident response.
• Hands-on experience with Intune and large-scale enterprise workstation management.
• Effective communicator with demonstrated leadership skills across cross-functional technical teams.

What we offer you:

At FIS, you can learn, grow and make an impact in your career. Our benefits include:

• Flexible and creative work environment
• Diverse and collaborative atmosphere
• Professional and personal development resources
• Opportunities to volunteer and support charities
• Competitive salary and benefits

FIS is committed to providing its employees with an exciting career opportunity and competitive compensation. The pay range for this full-time position is $108,040.00 – $183,680.00 and reflects the minimum and maximum target for new hire salaries for this position based on the posted role, level, and location. Within the range, actual individual starting pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Any changes in work location will also impact actual individual starting pay. Please consult with your recruiter about the specific salary range for your preferred location during the hiring process.

Privacy Statement

FIS is committed to protecting the privacy and security of all personal information that we process in order to provide services to our clients. For specific information on how FIS protects personal information online, please see the Online Privacy Notice.

EEOC Statement

FIS is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, genetic information, national origin, disability, veteran status, and other protected characteristics. The EEO is the Law poster is available here supplement document available here

For positions located in the US, the following conditions apply. If you are made a conditional offer of employment, you will be required to undergo a drug test. ADA Disclaimer: In developing this job description care was taken to include all competencies needed to successfully perform in this position. However, for Americans with Disabilities Act (ADA) purposes, the essential functions of the job may or may not have been described for purposes of ADA reasonable accommodation. All reasonable accommodation requests will be reviewed and evaluated on a case-by-case basis.

Sourcing Model

Recruitment at FIS works primarily on a direct sourcing model; a relatively small portion of our hiring is through recruitment agencies. FIS does not accept resumes from recruitment agencies which are not on the preferred supplier list and is not responsible for any related fees for resumes submitted to job postings, our employees, or any other part of our company.

#pridepass