Blackstone

Workforce Identity and Directory Services, VP - Enterprise Technology

Miami Full time

Blackstone is the world’s largest alternative asset manager. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $1.1 trillion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, infrastructure, life sciences, growth equity, opportunistic, non-investment grade credit, real assets and secondary funds, all on a global basis. Further information is available at www.blackstone.com. Follow @blackstone on LinkedIn, X, and Instagram.

Role Overview

The Vice President, Workforce Identity and Directory Services, serves as the primary owner of all Active Directory-related infrastructure and strategy. This role leads the design, governance, and modernization of the enterprise identity platform across on-premises, hybrid, and cloud environments. The VP is responsible for developing long-term technology roadmaps, driving security best practices, and partnering with Security, Infrastructure, and Application teams to deliver scalable, resilient identity services aligned with business objectives.

Key Responsibilities

  • Serve as the primary owner and point-of-contact for all Active Directory infrastructure, strategy, and operations across on-premises and cloud environments.

  • Lead and execute a long-term technology roadmap to modernize the Active Directory environment, including forest and domain consolidation, AD tiering model implementation, strategic reduction and decommissioning of on-premises domain controllers, and accelerating workload migration from on-premises AD to Microsoft Entra ID.

  • Architect and govern enterprise Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), DNS, DHCP, and PKI, ensuring high availability, disaster recovery readiness, and security at scale.

  • Drive the adoption and optimization of Microsoft Entra ID security features, including Conditional Access, Identity Protection, Identity Governance, Workload Identities, and Entra Permissions Management.

  • Govern Entra ID external collaboration and application identity, including cross-tenant access policies, B2B guest account lifecycle, app registration and enterprise application management, API permission and consent policy governance, and service principal security and credential rotation.

  • Manage hybrid Active Directory environments, including Azure AD Connect / Cloud Sync configuration, seamless SSO, pass-through authentication, and directory synchronization health monitoring.

  • Design and enforce Group Policy architecture at scale, including GPO lifecycle management, security baselines, and policy inheritance strategies across complex OU structures.

  • Establish and enforce identity security best practices, policies, and standards across the organization in alignment with zero trust principles and AD tiering models (Enhanced Security Admin Environment).

  • Oversee Kerberos, NTLM, LDAP, and certificate-based authentication protocols, driving migration away from legacy protocols toward modern authentication standards.

  • Lead AD forest and domain trust management, replication topology optimization, Sites and Services configuration, and schema extension governance.

  • Partner with Security, Compliance, and Risk teams to ensure identity infrastructure meets regulatory and audit requirements, including SOX, NIST, and industry-specific mandates.

  • Oversee incident response, disaster recovery, and root cause analysis for identity-related security events, AD replication failures, and service disruptions.

  • Evaluate emerging identity technologies and industry trends including passwordless authentication, decentralized identity, and AI-driven threat detection to inform strategic planning and investment decisions.

Required Qualifications

  • 10+ years of progressive experience in IT infrastructure with a focus on Active Directory and identity management, including at least 5 years in an architect or senior engineering capacity.

  • Deep knowledge of Microsoft 365 from an identity and access management perspective, including Exchange Online, SharePoint Online, and Teams integration with Entra ID, M365 group and license management, app consent frameworks, service principals, and Microsoft 365 Defender for identity-related threat detection.

  • Deep fluency in authentication and federation protocols, including SAML, OAuth 2.0, OpenID Connect, WS-Federation, Kerberos, LDAP, and NTLM, with a track record of migrating environments away from legacy protocols.

  • Experience implementing passwordless authentication strategies, including FIDO2, Windows Hello for Business, and certificate-based authentication via PKI.

  • Hands-on experience with Active Directory security assessment and hardening tools such as BloodHound, PingCastle, and Purple Knight for attack path analysis and security posture evaluation.

  • Knowledge of service account governance, including Group Managed Service Accounts (gMSA), and endpoint security tooling such as LAPS.

  • Proficiency with PowerShell, Terraform, DSC, and Microsoft Graph API for identity infrastructure automation, reporting, and configuration drift detection.

  • Working knowledge of NIST, SOX, or other regulatory compliance frameworks as they relate to identity management and PKI governance.

  • Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Azure Solutions Architect Expert, or Cybersecurity Architect Expert.

  • Proven track record of building, mentoring, and managing high-performing identity engineering teams.

  • Excellent communication and stakeholder management skills, including translating complex identity concepts for non-technical audiences and influencing at all levels of the organization.

Preferred Qualifications

  • Identity architecture and strategic technology vision

  • Enterprise security and zero trust mindset

  • Deep technical problem solving across complex, multi-forest AD environments

  • Stakeholder management and executive communication

  • Strong ownership, accountability, and bias toward action

  • Experience in financial services, private equity, or other highly regulated industries.


The duties and responsibilities described here are not exhaustive and additional assignments, duties, or responsibilities may be required of this position.  Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.

Expected annual base salary range:

$160,000 - $225,000

Actual base salary within that range will be determined by several components including but not limited to the individual's experience, skills, qualifications and job location. For roles located outside of the US, please disregard the posted salary bands as these roles will follow a separate compensation process based on local market comparables.

Additional compensation and benefits offered in connection with the role consist of comprehensive health benefits, including but not limited to medical, dental, vision, and FSA benefits; paid time off; life insurance; 401(k) plan; and discretionary bonuses. Certain employees may also be eligible for equity and other incentive compensation at Blackstone’s sole discretion.

Blackstone is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, genetic predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other class or status in accordance with applicable federal, state and local laws. This policy applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, transfer, leave of absence, compensation, and training.  All Blackstone employees, including but not limited to recruiting personnel and hiring managers, are required to abide by this policy.

If you need a reasonable accommodation to complete your application, please contact Human Resources at 212-583-5000 (US), +44 (0)20 7451 4000 (EMEA) or +852 3656 8600 (APAC).

Depending on the position, you may be required to obtain certain securities licenses if you are in a client facing role and/or if you are engaged in the following:

  • Attending client meetings where you are discussing Blackstone products and/or client questions;

  • Marketing Blackstone funds to new or existing clients;

  • Supervising or training securities licensed employees;

  • Structuring or creating Blackstone funds/products; and

  • Advising on marketing plans prepared by a sales team or developing and/or contributing information for marketing materials.

Note: The above list is not the exhaustive list of activities requiring securities licenses and there may be roles that require review on a case-by-case basis.  Please speak with your Blackstone Recruiting contact with any questions.
