Director of Product Management, EIAM – Authorization (Global Security)

About The Position

Requirements

• 12+ years in product management or technical leadership, with minimum 7 years in Identity and Access Management (IAM), Authorization, or Access Control systems
• 5+ years hands-on experience designing or implementing authorization platforms (policy engines, entitlement management, access control frameworks)
• Deep expertise in authorization technologies: RBAC, ABAC, XACML, OAuth 2.0, SAML, API security, and policy-driven access control
• Strong understanding of enterprise security architecture, Zero Trust models, and least-privilege principles
• Proven experience translating business and compliance requirements into authorization policy frameworks
• Demonstrated ability to lead cross-functional teams in complex, regulated environments (banking/financial services preferred)
• Proficiency with agile product delivery and automation frameworks

Nice To Haves

• Experience with policy information points (PIPs), policy decision points (PDPs), and policy engines (e.g., AWS IAM, Azure RBAC, custom policy engines)
• Background in cybersecurity, GRC (Governance, Risk, Compliance), or identity governance
• Knowledge of financial services regulatory requirements (FRB, Part 30, OSFI, Basel, SOX)
• Familiarity with Just-In-Time Access (JIT), Privileged Access Management (PAM), and identity risk scoring
• Experience with microservices architecture, API security, and cloud authorization models
• Track record with AI/ML applications in security and access control
• Knowledge of RBC's technology stack or similar enterprise banking platforms

Responsibilities

• Authorization Platform Product Management Own end-to-end product strategy and roadmap for authorization capabilities: policy engines, entitlement management, access decision frameworks, and real-time enforcement
• Define authorization patterns and standards (ABAC, RBAC, attribute-based policy models) that scale across RBC's diverse application ecosystem
• Lead requirements definition for policy information points (PIPs) and policy decision points (PDPs) enabling dynamic, risk-informed access decisions
• Establish authorization best practices, frameworks, and guardrails aligned with Zero Trust Architecture principles
• Risk-Informed Authorization Strategy Integrate identity risk scoring, HR performance data, and critical application sensitivity into real-time authorization decisions
• Define product requirements for JIT access models that shift from standing access to time-limited, context-aware provisioning
• Develop authorization policies that evolve based on risk signals (anomalous behavior, policy violations, regulatory triggers)
• Establish audit, logging, and compliance reporting capabilities for all authorization decisions and policy enforcement
• Policy & Compliance Management Drive authorization policy harmonization across lines of business, reducing inconsistency and risk exposure
• Ensure authorization capabilities meet regulatory requirements (FRB, Part 30, OSFI, SOX, GLBA)
• Define separation of duties (SoD), conflict of interest (CoI), and policy violation detection and remediation workflows
• Establish compliance monitoring and 3LOD independent review processes for authorization controls
• Enterprise Integration & Standardization Define integration patterns for authorization across applications, APIs, microservices, and cloud environments
• Lead standardization of authorization frameworks to reduce application sprawl and inconsistent access control implementations
• Develop product requirements for API-first authorization services enabling ease of adoption by application teams
• Collaborate with architecture and infrastructure teams to embed authorization enforcement at scale
• AI-Enhanced Authorization Define requirements for AI/ML capabilities in authorization: intelligent policy recommendations, anomaly detection, access pattern analysis
• Establish governance frameworks for AI-driven authorization decisions, including explainability and audit capabilities
• Develop use cases for Agentic AI in policy optimization, entitlement analytics, and access review automation
• Ensure responsible AI principles are embedded in authorization product enhancements
• Cross-Functional Leadership Lead product management working groups with Engineering, Architecture, Security, Compliance, and Application Teams
• Communicate authorization strategy and product roadmap to executive sponsors and business leaders
• Manage relationships with application owners, security teams, and compliance stakeholders
• Mentor product management team members on authorization strategy and best practices

Benefits

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• Flexible work/life balance options
• Opportunities to do challenging work
• Opportunities to take on progressively greater accountabilities
• Access to a variety of job opportunities across business