Global Identity Architect
- Zuffa, LLC
- Stamford, CT - WWE Headquarters
- 3w ago
- Full-Time
- Remote
Who We Are:
IMG is a leading global sports marketing agency, specializing in media rights management and sales, multi-channel content production and distribution, brand partnerships, strategic consulting, digital services, and events management. It powers growth of revenues, fanbases and IP for more than 200 federations, associations, events, and teams, including the National Football League, English Premier League, International Olympic Committee, National Hockey League, Major League Soccer, ATP and WTA Tours, the AELTC (Wimbledon), Euroleague Basketball, CONMEBOL, DP World Tour, and The R&A, as well as UFC, WWE, and PBR. IMG is a subsidiary of TKO Group Holdings, Inc. (NYSE: TKO), a premium sports and entertainment company.

TKO Group Holdings, Inc. (NYSE: TKO) is a premium sports and entertainment company. TKO owns iconic properties including UFC, the world’s premier mixed martial arts organization; WWE, the global leader in sports entertainment; and PBR, the world’s premier bull riding organization. Together, these properties reach 1 billion households across 210 countries and territories and organize more than 500 live events year-round, attracting more than three million fans. TKO also services and partners with major sports rights holders through IMG, an industry-leading global sports marketing agency; and On Location, a global leader in premium experiential hospitality.

MAIN PURPOSE
The Identity Architect will serve as the technical lead for designing, building, and delivering novel and greenfield enterprise identity services as part of the M&A lifecycle and other strategic programs. This role is responsible for architecting secure, scalable, and operationally sound Okta, Microsoft Entra ID, and on-premises Active Directory services, along with identity access governance and automated identity lifecycle management, to support TKO operations for global brands such as UFC, WWE, IMG, OLE, PBR, and more. The architect will ensure seamless integration with cloud platforms, identity providers, and core business systems while maintaining alignment with security, compliance, and operational requirements.
WHY JOIN TKO?
TKO unites three of the most recognizable brands in global sports (UFC, WWE, and PBR) with the premier hospitality brand, OLE, and the world-class broadcast, sports, and events company, IMG, to form a next-generation technology, sports, and entertainment powerhouse. As TKO prepares to separate from Endeavor and build a fresh infrastructure, this is a rare opportunity to engineer core systems at scale in a greenfield environment.
You’ll work with cutting-edge identity, cloud, and infrastructure technologies from Okta and Entra ID, and with enterprise automation using Workato, ServiceNow, Workday, and Okta Workflows. The challenges are complex, the expectations are high, and the impact is real. Your work will support everything from corporate operations to global broadcasts and live events.
If you want to build something that lasts and do it with autonomy and purpose, then TKO is where you want to be.
KEY RESPONSIBILITIES
Lead the design and execution of identity services across Okta, Active Directory, and Microsoft Entra ID, supporting the stand-up of TKO’s greenfield IT environment.
Lead and drive complex cross-enterprise identity migrations as part of M&A or divestiture programs, leveraging tools such as Quest Migration Manager, Quest OnDemand Migration (ODM), BitTitan MigrationWiz, or equivalent platforms to ensure secure, phased transitions across forests, tenants, and domains.
Architect and deploy secure, scalable directory structures, trust relationships, and authentication flows across on-prem and cloud systems.
Own configuration and integration of Okta Identity Cloud as the primary identity provider, including SSO, MFA (e.g., Verify + FastPass), SCIM provisioning, API provisioning, and directory integrations.
Design and operate Identity Lifecycle Management (ILM) workflows integrated with Workday, ensuring automated joiner/mover/leaver processes are secure, scalable, and auditable.
Architect, lead, and drive the development of automated identity lifecycle workflows using Workday, Okta Workflows, and Okta Identity Governance, including access certifications and entitlement reviews.
Design and implement AD forest/domain strategy, including OU structure, GPO hierarchy, DNS, and replication models.
Manage and maintain Microsoft Entra ID joined devices, with accountability for device compliance, enrollment, and configuration policies via Microsoft Intune.
Oversee synchronization and federation patterns between Active Directory (AD), Okta, and Entra ID, ensuring high availability and alignment with security and compliance requirements.
Ensure architectural decisions and implementations meet or exceed identity governance requirements aligned with SOX, PCI DSS, and other relevant compliance standards.
Collaborate with Infrastructure, Security, and Application teams to ensure frictionless integration with enterprise systems and SaaS platforms.
Proactively identify risks and blockers in identity architecture or execution, and drive solutions forward.
Maintain tight alignment with TKO stakeholders and cross-functional delivery teams.
Occasionally, you may be requested to travel and work long days and weekends during critical change events to provide architectural support for identity orchestration and migration efforts.
SKILLS & ABILITIES
Architectural Leadership: Able to design, articulate, and defend identity architecture decisions across hybrid environments (Okta, AD, Entra ID).
Extreme Ownership: Adopts the leadership philosophy of taking accountability for failures, setbacks, and results within your sphere of influence, even those caused by others on your team.
Execution-Focused: Operates with urgency and accountability; drives deliverables forward without constant oversight.
Cross-Platform Expertise: Strong understanding of identity federation, SCIM provisioning, authentication protocols (SAML, OIDC, OAuth), and lifecycle automation.
Analytical Thinking: Able to break down complex technical problems and deliver practical, scalable solutions.
Documentation Excellence: Produces clear, detailed, and professional HLDs, LLDs, runbooks, and process diagrams.
Mentorship & Collaboration: Capable of guiding junior engineers and collaborating effectively across infrastructure, security, and application teams.
Communication: Strong written and verbal communication skills; able to influence stakeholders and explain complex concepts to technical and non-technical audiences.
Comfort with Ambiguity: Thrives in environments where direction is still forming and is able to bring structure and clarity to grey areas.
Resilience: Maintains focus and composure under pressure in fast-moving, high-visibility environments.
Customer Orientation: Keeps business impact front of mind; balances technical excellence with pragmatic execution.
Required:
Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related field, or equivalent hands-on experience.
8+ years of experience in identity and access management, enterprise infrastructure
Demonstrated experience leading identity architecture and delivery for large-scale, hybrid environments.
Hands-on, expert-level proficiency with:
Okta Identity Cloud (SSO, MFA, Workflows, Lifecycle Management, Identity Governance)
Microsoft Active Directory (forest/domain design, GPOs, trusts, replication)
Microsoft Entra ID / Azure AD (hybrid join, conditional access, identity federation)
Desirable project experience:
Development and operationalization of automated identity lifecycle management (ILM) processes, using Workday, Okta Workflows, Active Directory, Microsoft Entra ID / Azure AD, and Identity Governance tools.
Successful implementation of a greenfield Okta environment, including directory integration, policy configuration, and application onboarding.
Experience supporting identity and access projects in regulated industries with alignment to compliance frameworks such as SOX, PCI DSS, or NIST.
End-to-end participation in enterprise IAM modernization efforts such as privileged access management (PAM), privileged identity management (PIM), and phishing-resistant MFA (e.g., Microsoft Passkey, FastPass, YubiKey, FIDO2).
Cross-functional leadership in M&A or divestiture-driven identity migrations, including TSA exit planning.
Preferred Certifications:
Okta Certified Professional / Okta Certified Consultant
Microsoft Certified: Identity and Access Administrator Associate (SC-300)
Microsoft Certified: Azure Solutions Architect Expert
Certified Information Systems Security Professional (CISSP) or GIAC certifications (IAM/GRC)
Training or certification in Zero Trust Architecture, PIM/PAM Design, IAM Governance
Per local requirements and in the interest of transparency, the hourly rate shown below reflects the prevalent current hiring range for this position. Hiring pay rates are based on a number of factors, including location and may vary depending on job-related qualifications, knowledge, skills and experience. The company strives to provide locally competitive rewards packages, which include base rate along with, as applicable, short- and long-term incentives, growth and developmental opportunities, and robust benefits, such as health care, retirement, vacation and other paid time off, and additional offerings.

Hiring Rate Minimum:
$120,000 annually (minimum will not fall below the applicable State/local minimum salary thresholds)
Hiring Rate Maximum:
$160,000 annually

TKO is an Equal Opportunity Employer and complies with all applicable federal, state, and local laws regarding non-discrimination in employment. TKO makes employment decisions based on merit and qualifications, without considering an employee’s or applicant’s race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, marital status, veteran status, or any other basis prohibited under federal, state or local laws governing non-discrimination in employment in every location in which the Company has facilities. TKO also provides reasonable accommodations for qualified individuals with disabilities in accordance with the Americans with Disabilities Act (ADA) and applicable state or local laws. For information about Privacy and Information Security for TKO employment candidates, please review our Privacy Policy. For information regarding Terms of Use for this and other TKO websites, please review our Terms of Use.