Workforce Identity and Directory Services, VP Enterprise Technology

Blackstone


Job Location:

Miami, FL - USA

Monthly Salary: $ 160000 - 225000
Posted on: 4 days ago
Vacancies: 1 Vacancy

Job Summary

Blackstone is the world's largest alternative asset manager. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $1.1 trillion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, infrastructure, life sciences, growth equity, opportunistic, non-investment grade credit, real assets, and secondary funds all on a global information is available at . Follow @blackstone on LinkedIn, X, and Instagram.

Role Overview

The Vice President, Workforce Identity and Directory Services, serves as the primary owner of all Active Directory-related infrastructure and strategy. This role leads the design, governance, and modernization of the enterprise identity platform across on-premises, hybrid, and cloud environments. The VP is responsible for developing long-term technology roadmaps, driving security best practices, and partnering with Security, Infrastructure, and Application teams to deliver scalable, resilient identity services aligned with business objectives.

Key Responsibilities

  • Serve as the primary owner and point-of-contact for all Active Directory infrastructure strategy and operations across on-premises and cloud environments.

  • Lead and execute a long-term technology roadmap to modernize the Active Directory environment, including forest and domain consolidation, AD tiering model implementation, strategic reduction and decommissioning of on-premises domain controllers, and accelerating workload migration from on-premises AD to Microsoft Entra ID.

  • Architect and govern enterprise Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), DNS and DHCP, PKI, ensuring high availability, disaster recovery readiness, and security at scale.

  • Drive the adoption and optimization of Microsoft Entra ID security features, including Conditional Access, Identity Protection, Identity Governance, Workload Identities, and Entra Permissions Management.

  • Govern Entra ID external collaboration and application identity, including cross-tenant access policies, B2B guest account lifecycle, app registration and enterprise application management, API permission and consent policy governance, and service principal security and credential rotation.

  • Manage hybrid Active Directory environments, including Azure AD Connect / Cloud Sync configuration, seamless SSO, pass-through authentication, and directory synchronization health monitoring.

  • Design and enforce Group Policy architecture at scale, including GPO lifecycle management, security baselines, and policy inheritance strategies across complex OU structures.

  • Establish and enforce identity security best practices, policies, and standards across the organization in alignment with zero trust principles and AD tiering models (Enhanced Security Admin Environment).

  • Oversee Kerberos, NTLM, LDAP, and certificate-based authentication protocols, driving migration away from legacy protocols toward modern authentication standards.

  • Lead AD forest and domain trust management, replication topology optimization, Sites and Services configuration, and schema extension governance.

  • Partner with Security, Compliance, and Risk teams to ensure identity infrastructure meets regulatory and audit requirements, including SOX, NIST, and industry-specific mandates.

  • Oversee incident response, disaster recovery, and root cause analysis for identity-related security events, AD replication failures, and service disruptions.

  • Evaluate emerging identity technologies and industry trends, including passwordless authentication, decentralized identity, and AI-driven threat detection, to inform strategic planning and investment decisions.

Required Qualifications

  • 10 years of progressive experience in IT infrastructure with a focus on Active Directory and identity management, including at least 5 years in an architect or senior engineering capacity.

  • Deep knowledge of Microsoft 365 from an identity and access management perspective, including Exchange Online, SharePoint Online, and Teams integration with Entra ID, M365 group and license management, app consent frameworks, service principals, and Microsoft 365 Defender for identity-related threat detection.

  • Deep fluency in authentication and federation protocols, including SAML, OAuth 2.0, OpenID Connect, WS-Federation, Kerberos, LDAP, and NTLM, with a track record of migrating environments away from legacy protocols.

  • Experience implementing passwordless authentication strategies, including FIDO2, Windows Hello for Business, and certificate-based authentication via PKI.

  • Hands-on experience with Active Directory security assessment and hardening tools such as BloodHound, PingCastle, and Purple Knight for attack path analysis and security posture evaluation.

  • Knowledge of service account governance, including Group Managed Service Accounts (gMSA), and endpoint security tooling such as LAPS.

  • Proficiency with PowerShell, Terraform, DSC, and Microsoft Graph API for identity infrastructure automation, reporting, and configuration drift detection.

  • Working knowledge of NIST, SOX, or other regulatory compliance frameworks as they relate to identity management and PKI governance.

  • Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Azure Solutions Architect Expert, or Cybersecurity Architect Expert.

  • Proven track record of building, mentoring, and managing high-performing identity engineering teams.

  • Excellent communication and stakeholder management skills to include translating complex identity concepts for non-technical audiences and influence at all levels of the organization.

Preferred Qualifications

  • Identity architecture and strategic technology vision

  • Enterprise security and zero trust mindset

  • Deep technical problem solving across complex multi-forest AD environments

  • Stakeholder management and executive communication

  • Strong ownership, accountability, and bias toward action

  • Experience in financial services, private equity, or other highly regulated industries.


The duties and responsibilities described here are not exhaustive, and additional assignments, duties, or responsibilities may be required of this position. Assignments, duties, and responsibilities may be changed at any time, with or without notice, by Blackstone in its sole discretion.

Expected annual base salary range:

$160000 - $225000

Actual base salary within that range will be determined by several components, including but not limited to the individual's experience, skills, qualifications, and job location. For roles located outside of the US, please disregard the posted salary bands, as these roles will follow a separate compensation process based on local market comparables.

Additional compensation and benefits offered in connection with the role consist of comprehensive health benefits, including but not limited to medical, dental, vision, and FSA benefits; paid time off; life insurance; 401(k) plan; and discretionary bonuses. Certain employees may also be eligible for equity and other incentive compensation at Blackstone's sole discretion.

Blackstone is committed to providing equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion, sex, pregnancy, national origin, ancestry, citizenship status, age, marital or partnership status, sexual orientation, gender identity or expression, disability, genetic predisposition, veteran or military status, status as a victim of domestic violence, a sex offense or stalking, or any other class or status in accordance with applicable federal, state, and local laws. This policy applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, transfer, leave of absence, compensation, and training. All Blackstone employees, including but not limited to recruiting personnel and hiring managers, are required to abide by this policy.

If you need a reasonable accommodation to complete your application, please contact Human Resources at (US) 44 (0)(EMEA) or (APAC).

Depending on the position, you may be required to obtain certain securities licenses if you are in a client-facing role and/or if you are engaged in the following:

  • Attending client meetings where you are discussing Blackstone products and/or and client questions;

  • Marketing Blackstone funds to new or existing clients;

  • Supervising or training securities licensed employees;

  • Structuring or creating Blackstone funds/products; and

  • Advising on marketing plans prepared by a sales team or developing and/or contributing information for marketing materials.

Note: The above list is not the exhaustive list of activities requiring securities licenses and there may be roles that require review on a case-by-case basis. Please speak with your Blackstone Recruiting contact with any questions.

To submit your application, please complete the form below. Fields marked with a red asterisk * must be completed to be considered for employment (although some can be answered "prefer not to say"). Failure to provide this information may compromise the follow-up of your application. When you have finished, click Submit at the bottom of this form.


Required Experience:

Exec

About Company

Blackstone is the world’s largest alternative asset manager, serving institutional and individual investors by building strong businesses positioned to deliver lasting value.