Brown Gibbons Lang & Company (BGL) is a leading independent investment bank and financial advisory firm focused on the global middle market. We advise private and public corporations and debt and equity sponsors on mergers and acquisitions, capital markets, financial restructurings, valuations and opinions, real estate, and other strategic matters. BGL has investment banking offices in Boston, Chicago, Cleveland, Los Angeles, and New York, and real estate offices in Chicago and Cleveland. The firm is also a founding member of REACH Cross-Border Mergers & Acquisitions, enabling BGL to service clients in 30 countries around the world. On every engagement, our clients receive senior-level attention from experienced bankers who bring a wealth of industry knowledge, transaction expertise, and deep relationships with key players in a broad range of industries.
Our success and growth is due to the expertise, passion, and commitment of our team. We value our employees and invest in their development, recognizing that their talent is the foundation of the exceptional service we deliver to BGL clients.
The Systems & Cloud Administrator works in support of the Director of Information Technology across BGL’s core platforms: identity, endpoint, and security operations in Microsoft 365; cloud infrastructure and governance in Azure; and managed data integration and warehousing in Fivetran and Snowflake. The Director leads strategy and most initiatives; this role assists with day-to-day administration and execution while building enough depth across each domain to operate the environment independently and provide continuity for the organization should the Director be unavailable. The position is a key part of BGL’s IT capability buildout and is intended to reduce single-person dependency (bus-factor risk) as the firm scales.
Over time, there will be opportunities to contribute to the firm’s broader technology and AI initiatives, helping ensure the data environment is well-governed and ready to support new tools and capabilities as they emerge. The ideal candidate pairs hands-on cloud and Snowflake administration experience with a security-first mindset and an interest in how data infrastructure supports emerging technologies.
Key Responsibilities
Working under the direction of the Director of Information Technology, the Systems & Cloud Administrator assists across the areas below while developing the cross-domain familiarity needed to provide independent coverage and organizational continuity.
Microsoft 365 & Identity Administration
-
Tenant administration — Support administration of the Microsoft 365 E7 tenant, including Exchange Online, SharePoint Online, Teams, and OneDrive, maintaining enough familiarity to operate the tenant independently when needed.
-
Microsoft Entra ID — Assist with identity and access management in Entra ID, including Conditional Access policies, Multi-Factor Authentication, SSO/SAML enterprise applications, group and license assignment, and SCIM-based user provisioning.
-
Identity governance — Help operate Privileged Identity Management, Access Reviews, and Entitlement Management to support least-privilege access and periodic access certification for regulated systems.
-
Microsoft Entra Suite — Assist with administration of the Entra Suite included with the E7 tier, including Entra Internet Access and Entra Private Access (Security Service Edge / Zero Trust network access) and Entra ID Governance access packages and lifecycle workflows.
-
Lifecycle automation — Help build and maintain onboarding, offboarding, and role-change automation (e.g., Azure Automation runbooks, PowerShell, Graph API) to support a growing analyst population with minimal manual effort.
Endpoint Management & Device Deployment
-
Microsoft Intune — Assist with device enrollment, compliance policies, configuration profiles, and application deployment across Windows endpoints.
-
Windows Autopilot — Support zero-touch provisioning for new workstations, help maintain deployment profiles and Enrollment Status Page configuration.
-
Application & patch delivery — Assist with software packaging, deployment, and patching across the fleet, working with existing tooling (PDQ Connect) and endpoint controls (ThreatLocker) for application allowlisting.
-
Endpoint analytics — Monitor device health, performance, and utilization to inform hardware refresh decisions and help remediate at-risk endpoints.
Security & Compliance Operations
-
Microsoft Defender — Assist with administration of Defender XDR across endpoint, identity, Office 365, and cloud apps; triage and respond to alerts, support investigation and threat hunting under the direction of the Director of IT.
-
Incident response support — Support investigation and containment of security incidents, and participate in tabletop exercises under the direction of the Director of IT.
-
Microsoft Purview — Help configure and maintain Data Loss Prevention, retention policies, sensitivity labels, Communication Compliance, eDiscovery, and audit — supporting the firm’s FINRA and SEC recordkeeping and supervision obligations.
-
Microsoft 365 Copilot governance — Assist with administration and governance of Microsoft 365 Copilot, helping ensure Copilot honors sensitivity labels and that prompts and responses remain within Purview audit, retention, Data Loss Prevention, and Communication Compliance controls; AI compliance controls are owned within IT, coordinating with the Enterprise Intelligence & AI team on adoption.
-
Insider Risk Management — Support configuration of Microsoft Purview Insider Risk Management and Adaptive Protection to detect and respond to risky data handling and potential exfiltration, reinforcing the firm’s supervision obligations.
-
Regulated archiving — Support electronic communications capture and archiving (Smarsh) and help ensure retention and supervision configurations align with broker-dealer requirements.
-
Security posture & awareness — Help track Secure Score and exposure findings, maintain security baselines, and support the security-awareness and phishing-simulation program (Defender Attack Simulation Training).
-
AI agent governance — Assist in establishing visibility and controls over AI agents — including discovery and blocking of unsanctioned local AI agents on endpoints and oversight of agent identity and registry — to help manage shadow-AI risk as the firm adopts AI capabilities.
Deal Technology & Confidentiality Support
-
Deal & client technology — Assist deal teams with virtual data rooms, secure file sharing (ShareFile), and deal-related collaboration, supporting tight timelines and handling confidential deal data appropriately.
-
Information barriers & confidentiality — Assist with administering ethical-wall and information-barrier configurations (e.g., Microsoft Purview Information Barriers) and follow strict material non-public information (MNPI) and confidentiality handling practices.
Cloud (Azure) Administration
-
Subscription & resource governance — Assist with administration of Azure subscriptions, resource groups, RBAC, tagging, and policy; help monitor cost and right-size cloud resources.
-
Storage & file services — Support Azure Files and related storage, including migration support, performance tuning, and integration with on-premises and hybrid file access.
-
Automation & infrastructure — Help develop and maintain automation using PowerShell, Azure Automation, and infrastructure-as-code practices to make cloud operations repeatable and auditable.
-
Connectivity support — Support the networking function on cloud connectivity (e.g., ExpressRoute, Meraki SD-WAN integration) to help ensure reliable, secure access to cloud and data services across all offices.
Data Platform Administration (Fivetran & Snowflake)
-
Snowflake administration — Assist with administration of the Snowflake environment, including warehouses, databases, schemas, roles, and role-based access control; help monitor query performance, credit consumption, and resource monitors for cost governance.
-
Engineer partnership — Partner with the Data & AI Engineer, who owns pipeline and solution development, maintaining a clear split: this role administers the platform (access, security, cost, backup) while the engineer builds on it.
-
Fivetran pipelines — Support configuration, monitoring, and troubleshooting of Fivetran connectors and sync schedules that ingest data from line-of-business and sources into Snowflake; help manage schema drift and pipeline failures.
-
Dataset organization — Help organize and structure datasets for analytics use — schemas, table and naming conventions, and curated data layers — so that data is discoverable, consistent, and reliable for downstream consumers.
-
Data governance & security — Assist with access controls, masking, and auditing in the data platform consistent with the firm’s compliance posture, coordinating with security tooling to protect sensitive and regulated data.
-
Enablement — Support analytics, reporting, and downstream consumers by helping maintain reliable, well-documented data availability and onboarding new data sources as the platform matures.
IT Operations & Continuity
-
Escalation support — Provide escalation support for complex incidents and service requests routed through the service desk (FreshService), working through to resolution in partnership with the Director of IT.
-
Documentation & knowledge capture — Maintain accurate system, configuration, and process documentation — a core part of this role — so that operational knowledge is captured and the organization is not dependent on any single individual.
-
Continuity & coverage — Cross-train across each platform and provide backup coverage for the Director of Information Technology, with the goal of sustaining operations independently during absences or transitions.
-
Backup & recovery support — Assist with backup and disaster-recovery operations and participate in business continuity plan (FINRA Rule 4370) testing.
-
Vendor & MSP coordination — Assist in coordinating with the firm’s managed service provider and key technology vendors on projects, escalations, and roadmap items.
-
Maintenance windows — Support and execute changes during approved windows, including occasional after-hours work to minimize business disruption.
Required Qualifications
- Bachelor’s degree in information technology, computer science, or a related field preferred; substantial professional experience may outweigh formal education.
- 6+ years of hands-on experience administering or supporting Microsoft 365 and Azure in a production enterprise environment.
- Working, hands-on experience with Microsoft Entra ID (Conditional Access, MFA, SSO, provisioning), Microsoft Intune, and Windows Autopilot.
- Working knowledge of Microsoft Defender and Microsoft Purview, including security alert handling and compliance configurations (DLP, retention, sensitivity labels, eDiscovery).
- Proficiency with PowerShell for administration and automation; familiarity with the Microsoft Graph API.
- Experience supporting Azure subscriptions, RBAC, storage, and cost governance.
- Strong troubleshooting, documentation, and communication skills, with the ability to work collaboratively in support of the Director of IT and independently when providing coverage.
Preferred Qualifications
- Hands-on experience administering or supporting Snowflake (warehouses, RBAC, performance, and cost management) and managing Fivetran (or comparable ELT/data-integration) connectors and pipelines.
- Prior experience organizing and structuring datasets — data modeling, schema design, and establishing naming and curation standards for analytics consumption.
- Experience in financial services, a FINRA-regulated broker-dealer, or another regulated environment, with awareness of SEC/FINRA recordkeeping and supervision requirements.
- Familiarity with endpoint security tooling (ThreatLocker), software deployment (PDQ Deploy/Connect), and regulated archiving (Smarsh).
- Exposure to modern data and analytics tooling such as Power BI and Microsoft Fabric, and to AI/data-platform initiatives.
- Experience supporting hybrid connectivity (ExpressRoute, SD-WAN) and multi-site environments.
#LI-LP1
Equal Employment Opportunity (EEO)
BGL is an Equal Employment Opportunity (EEO) employer and all qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, gender, age, veteran status, political affiliation, sexual orientation, marital status, or disability (in compliance with the Americans with Disabilities Act), or any other legally protected status, with respect to employment opportunities.
BGL cares about our employees. We offer generous benefits, including medical, vision, dental, PTO, 401k with employer match, paid holidays, cell phone reimbursement, and more.