Head of IAM Controls & Governance

Job Description:

Position Summary: The Head of Identity & Access Management (IAM) Controls & Governance is a senior leadership role responsible for developing, implementing, and overseeing the organization's IAM strategies, policies, and procedures. This position ensures that all IAM processes comply with regulatory requirements and align with the organization's objectives, thereby safeguarding sensitive information and maintaining robust access controls.

Strategic Leadership:

• Develop and execute a comprehensive IAM strategy that aligns with organizational goals and regulatory requirements.
• Lead the design and implementation of IAM frameworks, including policies, standards, and procedures.

• Ensure IAM programs comply with organizational and regulatory requirements.
• Review procedures related to data collection, storage, retrieval, and disclosure to ensure compliance with data protection regulations.
• Coordinate internal and external audit-related tasks to facilitate timely resolution of audit findings.

• Conduct ongoing reviews of IAM programs to identify and mitigate risks.
• Recognize potential areas where existing policies, standards, and procedures require change, and recommend solutions to address identified gaps.
• Experience reviewing / updating Policy, Standards and Procedures in the context of NIST, COBIT, ISO 27000 frameworks.
• Experience building and conducting Risk Control Self Assessments
• Experience developing related KRIs, establishing thresholds and building out risk heatmaps/dashboards to drive transparency

• Manage and mentor a team of IAM professionals, fostering a culture of continuous improvement and professional development.
• Provide functional leadership during technology enhancements, upgrades, and implementations, working successfully as a liaison with various internal business and technical partners.

• Collaborate with IT, cybersecurity, audit, compliance, legal, and other stakeholders to define access policies, user roles, and access control procedures.
• Advise clients in assessing security requirements and controls to ensure security and compliance controls are implemented as planned.

• Bachelor's degree in Information Security, Computer Science, or a related field; advanced degrees preferred.

• Minimum of 8 years of experience in IAM or a related field, with at least 5 years in a leadership or managerial role.
• Demonstrated experience in developing and implementing IAM strategies and frameworks.
• Experience with identity and access management tools, such as Active Directory, LDAP, and Azure AD.

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are highly desirable.

• Strong understanding of IAM concepts, including role-based access control, single sign-on, and identity federation.
• Excellent project management skills with the ability to manage multiple initiatives simultaneously.
• Strong analytical and problem-solving abilities.
• Exceptional communication and interpersonal skills, with the ability to effectively communicate complex technical concepts to non-technical stakeholders.

• Experience in the technology or financial services industry.
• Familiarity with regulatory requirements related to IAM, such as PCI DSS, HIPAA, or GDPR.
• Experience with cloud-based IAM solutions and services.