AVP Identity & Access Management

About The Position

Requirements

• Bachelor’s degree in information security, Computer Science, or a related discipline, or equivalent practical experience.
• Experience operating and supporting enterprise IAM and PAM environments in a regulated organization.
• Experience leading or supervising cybersecurity or IAM-focused teams.
• Experience partnering with application and infrastructure teams to remediate access risks and implement controls.
• A minimum of 8 years of experience in Identity and Access Management or related cybersecurity roles.
• Hands-on experience with IAM and PAM tools such as SailPoint, Microsoft PIM, Azure AD/Entra ID, Purview, and Delinea (or similar platforms).
• Working knowledge of scripting or automation technologies (e.g., PowerShell, Python) preferred.
• Industry certifications such as CISSP, CISM, Security+, or IAM-specific certifications are desirable.
• Working knowledge of regulatory and control frameworks such as SOX, SOC1, SOC2, or similar security and compliance standards.
• Strong technical understanding of IAM, RBAC, and PAM concepts with the ability to apply them in real-world environments.
• Demonstrated ability to execute complex initiatives and manage competing operational priorities.
• Clear and effective communicator, capable of engaging both technical teams and non-technical stakeholders.
• Detail-oriented with strong analytical and problem-solving skills.
• Proven experience supporting audits and regulatory reviews within financial services or similarly regulated industries.
• Ability to lead teams through operational stress related to access outages, incidents, and audit findings.
• Experience working closely with senior leadership to implement security strategy at scale.

Nice To Haves

• Working knowledge of scripting or automation technologies (e.g., PowerShell, Python) preferred.
• Industry certifications such as CISSP, CISM, Security+, or IAM-specific certifications are desirable.

Responsibilities

• Provide strategic and operational leadership for IAM detective control execution, ensuring consistent, high-quality control performance across teams, platforms, and business units.
• Establish and oversee execution standards for enterprise IAM detective controls, including access certifications, role and entitlement reviews, authentication configuration assessments, access monitoring, and exception management.
• Ensure IAM detective controls are not only operating effectively, but are designed to scale, adapt to risk, and evolve with changes in business processes, systems, and regulatory requirements.
• Direct the prioritization, investigation, escalation, and remediation of access issues identified through detective controls, ensuring timely resolution and clear ownership across engineering, operations, and application teams.
• Maintain executive accountability for control outcomes by tracking issues, themes, and remediation progress through closure, validating risk reduction and sustainable improvements.
• Lead IAM security monitoring and incident support capabilities, ensuring readiness, consistency, and effective decision making during access related security events.
• Align with VP and set expectations and direction for teams responsible for IAM and PAM logging, alerting, monitoring, and certification evidence, ensuring alignment with broader security operations practices.
• Ensure IAM and PAM activity is consistently monitored for anomalous behavior, unauthorized access, excessive privilege usage, and indicators of compromise, with clear escalation paths and response playbooks.
• Provide day to day leadership oversight during identity related security incidents, investigations, and penetration testing activities, ensuring effective coordination between IAM, SOC, incident response, and engineering teams.
• Ensure IAM and PAM data is leveraged effectively to support investigations, forensic analysis, audits, and regulatory inquiries, with a focus on accuracy, timeliness, and completeness.
• Drive maturation of IAM control processes and capabilities through automation, standardization, and scalable operating models.
• Align with VP and set expectations and direction and priorities for automating IAM detective control execution, reporting, and evidence collection, balancing risk reduction with operational efficiency.
• Ensure teams actively identify and remediate manual, brittle, or spreadsheet driven processes, replacing them with sustainable workflows and platform based capabilities.
• Partner with IAM engineering and platform leadership to improve identity data quality, entitlement clarity, metadata completeness, and overall tooling reliability.
• Establish continuous improvement practices using metrics, root cause analysis, audit feedback, and post incident reviews to evolve IAM control effectiveness over time.
• Own audit readiness and risk outcomes for IAM detective controls, ensuring sustained compliance and defensible control posture.
• Ensure IAM detective control operations consistently meet regulatory, policy, and enterprise risk management expectations (e.g., SOX, PCI, SOC1, SOC2, FFIEC).
• Direct audit preparation activities across teams, including evidence delivery, control walkthroughs, documentation quality, and responsiveness to auditor inquiries.
• Accountable for timely and effective remediation of audit findings related to IAM detective controls, ensuring root causes are addressed—not just symptoms.
• Serve as a senior IAM risk partner to compliance, audit, and risk management teams, proactively identifying control gaps and driving corrective action plans.
• Lead IAM detective control operations as an enterprise capability, aligning people, process, and technology to organizational risk and security objectives.
• Provide leadership and direction to managers and engineers responsible for IAM control execution, monitoring, and reporting, ensuring clear accountability and performance expectations.
• Act as the primary operational liaison between IAM, security operations, engineering, application teams, and risk stakeholders for detective control matters.
• Deliver clear, concise, and actionable reporting on control performance, risk trends, systemic issues, and improvement initiatives to the VP of Identity and Access and senior stakeholders.
• Represent IAM operations in governance forums, risk committees, and security leadership discussions, providing operational insight and informed recommendations.

Benefits

• Medical, Dental, and Vision
• 401(k) Plan with Company Match
• Short- & Long-Term Disability
• Wellness Programs
• Group Life and AD&D Insurance
• Paid Vacation, Sick Days and bank Holidays
• Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition