IT Operations Manager and Systems Administrator

IT Operations Manager and Systems Administrator

Hands-On IT Operations, Help Desk, Identity, Access, SSO, and Security Administration

Role Summary

TheIT Operations Manager and Systems Administrator is a hands-on role responsible for running day-to-day IT operations while improving the company’s systems, access controls, support processes, and security posture.

The right person must be comfortable personally doing the work: resolving tickets, managing the Help Desk, provisioning and deprovisioning users, configuring SSO, maintaining Microsoft 365, managing devices, cleaning up access, supporting security controls, and tracking which systems exist and who has access to them.

This role requires someone who can both manage IT support associates and jump into the queue, troubleshoot issues, document processes, clean up systems, and execute operational improvements. Success will come from stronger control over users, devices, applications, access, and day-to-day IT service delivery.

This Role Is for Someone Who

• Enjoys hands-on IT administration and problem-solving
• Is willing to work directly in systems, tickets, admin portals, and documentation
• Can manage the Help Desk while also serving as an escalation point
• Takes ownership of provisioning, access cleanup, SSO, device management, and security controls
• Is comfortable with both routine operational work and improvement projects
• Wants to make the environment cleaner, more reliable, more secure, and easier to manage

Core Responsibilities

IT Operations and Help Desk Management

• Run daily IT support operations across corporate and field locations
• Manage remote and in-house Help Desk associates
• Monitor ticket intake, prioritization, escalation, and resolution
• Personally handle escalated, complex, or high-impact support issues
• Ensure consistent use of ticketing, documentation, and support processes
• Identify recurring issues and resolve root causes
• Improve Help Desk responsiveness, accountability, and service quality
• Support end users directly when needed, including hardware, software, access, device, and account issues

Systems Administration

• Administer and improve Microsoft 365, Entra ID, Intune, SharePoint, and related systems
• Maintain system configurations, groups, permissions, policies, and administrative settings
• Identify and clean up legacy configurations, stale accounts, unused groups, and inconsistent settings
• Troubleshoot system, user, device, and application issues
• Maintain documentation for systems, processes, access, ownership, and support procedures
• Track all key business and IT systems, including owners, users, access levels, and support contacts

Identity, Access and Provisioning

• Own user provisioning, deprovisioning, and role-change processes
• Ensure timely and accurate account creation, access assignment, and access removal
• Maintain access control standards across Microsoft 365, Entra ID, SaaS platforms, and business applications
• Implement and maintain RBAC, security groups, dynamic groups, and access structures
• Support periodic access reviews and permission cleanup
• Partner with HR and business teams to align employee lifecycle events with access changes
• Reduce manual provisioning where practical through workflow improvements and automation

SSO, Authentication and Access Control

• Configure, maintain, and troubleshoot SSO integrations for business applications
• Support SAML, OIDC, MFA, Conditional Access, and related identity controls
• Maintain accurate documentation of SSO-enabled applications and access requirements
• Troubleshoot login, authentication, permissions, and account synchronization issues
• Support the transition from hybrid Active Directory to Entra ID where appropriate
• Ensure access is secure, auditable, and aligned to business roles

Endpoint and Device Management

• Manage endpoint devices using Intune and related Microsoft tools
• Support device provisioning, configuration, compliance, retirement, and replacement
• Maintain device standards for patching, encryption, endpoint protection, and configuration
• Support deployment processes such as Autopilot
• Track devices, assigned users, compliance status, and lifecycle stage
• Resolve endpoint issues involving laptops, mobile devices, applications, updates, and security policies

Cybersecurity Operations and Tactical Controls

• Support practical cybersecurity controls across users, devices, applications, and access
• Implement and maintain MFA, Conditional Access, endpoint protection, patching, and device compliance standards
• Support application allows listing/whitelisting and access restriction efforts
• Help identify risky access, stale accounts, unmanaged devices, weak configurations, and policy gaps
• Assist with security-related tickets, investigations, remediation tasks, and audit requests
• Maintain clean records of systems, access, administrative privileges, and security exceptions
• Partner with leadership and external security resources as needed to execute security improvements

System Inventory, Ownership and Access Tracking

• Maintain an accurate inventory of IT systems, business applications, vendors, administrators, and users
• Track who has access to each system and what level of access they have
• Identify orphaned systems, unknown owners, unmanaged access, and outdated permissions
• Establish repeatable processes for system ownership, access reviews, and lifecycle management
• Ensure documentation stays current as people, roles, and systems change

Process Improvement and Automation

• Improve onboarding, offboarding, access requests, device provisioning, and support workflows
• Create repeatable, documented processes that reduce manual effort and errors
• Use Microsoft 365 tools, Power Automate, scripting, or other practical methods to automate routine work
• Standardize how requests are submitted, approved, fulfilled, and documented
• Focus on operational improvements that make IT easier to run, easier to audit, and easier to support

Success Measures

Success in this role will be measured by practical, visible improvements, including:

• Faster and more reliable onboarding and offboarding
• More accurate provisioning and deprovisioning of user access
• Reduced ticket volume, repeat issues, and unresolved escalations
• Cleaner Microsoft 365, Entra ID, Intune, and SharePoint environments
• Improved Help Desk performance and accountability
• Better visibility into systems, owners, users, and access levels
• Stronger MFA, Conditional Access, endpoint compliance, and access control posture
• Fewer stale accounts, unused groups, unmanaged devices, and undocumented systems
• Increased automation of routine IT tasks
• Improved documentation and operational consistency

First 90-Day Expectations

Within the first 90 days, this person should be able to:

• Take ownership of Help Desk operations and escalation processes
• Understand the current Microsoft 365, Entra ID, Intune, device, and access environment
• Identify immediate risks related to stale accounts, access gaps, device compliance, and provisioning
• Begin cleanup of users, groups, permissions, devices, and legacy configurations
• Build or improve system and access inventories
• Stabilize onboarding and offboarding processes
• Improve ticket handling, documentation, and operational accountability
• Deliver measurable progress on access control, support quality, and system hygiene

Required Experience and Skills

Technical Experience

• Hands-on administration of Microsoft 365, Entra ID, Intune, and SharePoint
• Experience supporting identity, access, provisioning, and deprovisioning processes
• Experience configuring or supporting SSO, MFA, Conditional Access, and security groups
• Familiarity with RBAC, dynamic groups, authentication, and access reviews
• Experience managing endpoints, device compliance, patching, encryption, and endpoint protection
• Experience supporting or migrating hybrid Active Directory environments
• Ability to troubleshoot user, device, application, access, and system issues
• Experience with Power Automate, scripting, or other automation tools is helpful

Operational Experience

• Experience running or actively supporting Help Desk operations
• Ability to manage support associates while remaining hands-on
• Strong ticket management, troubleshooting, documentation, and escalation skills
• Experience improving onboarding, offboarding, and access request workflows
• Ability to maintain system inventories, access records, and process documentation
• Comfort working in a multi-system environment with many users, devices, applications, and access relationships

Cybersecurity and Controls Experience

• Practical understanding of IT security operations and access control
• Experience supporting MFA, Conditional Access, endpoint compliance, patching, and user access reviews
• Ability to identify and remediate stale access, risky permissions, unmanaged devices, and configuration gaps
• Familiarity with application allowlisting/whitelisting, privileged access control, and security documentation
• Comfortable executing security improvements, not just recommending them

Working Style

The ideal candidate is:

• Hands-on, practical, and execution-focused while solving and executing on the overarching team goals and vision
• Comfortable doing detailed administrative work
• Willing to own tickets, systems, users, devices, and access issues through completion
• Organized and disciplined about documentation
• Strong at troubleshooting and root cause analysis
• Able to balance daily support needs with cleanup and improvement work
• Comfortable managing people, but not looking to step away from hands-on IT administration
• Focused on reliability, security, simplification, and operational accountability

Preferred Experience

• Experience transitioning from hybrid Active Directory to Entra ID
• Experience improving IT operations in a growing or distributed organization
• Experience implementing SSO across multiple SaaS applications
• Experience creating system inventories and access review processes
• Experience automating provisioning, deprovisioning, or ticket workflows
• Experience in security- or compliance-driven environments
• Experience supporting both corporate and field-based users

Environment:

• Exposure to a typical office environment

Physical Requirements:

 Avenue5 will make reasonable accommodations to enable individuals with disabilities to perform essential functions. These functions include, but are not limited to:

• Ability to lift, push, and pull up to 25 pounds
• Hearing and visual ability to observe and detect signs of an emergency are required
• Ability to remain stationary, move around, reach, and position oneself as needed for extended periods
• Ability to communicate and express or exchange ideas with others, as well as those activities in which they must convey detailed or important instructions to other works accurately, loudly, or quickly
• Ability to perceive the nature of sounds at normal speaking levels, including the ability to receive detailed information through oral communication, and to make the discrimination in sound
• Visual requirements, including color, depth perception, and field vision
• Ability to compare, copy, coordinate, synthesize, negotiate, communicate, and instruct
• Ability to tolerate stressful situations
• Ability to work under minimal to moderate supervision

This job description is not an all-inclusive list of functions and tasks. Over the length of employment, these functions and tasks may change.

Diversity:

Diversity creates a healthier atmosphere: Avenue5 is an Equal Employment Opportunity/Affirmative Action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.