Pre-id: VP , P5, Risk & Resil Mgmt Mgr

Morgan Stanley•Boston, MA

13h

About The Position

The IAM Policy Lead (VP-P5) is responsible for driving the development, governance, and lifecycle management of Identity and Access Management (IAM) policies, standards, and procedures across the enterprise. This role sits within Cybersecurity / Technology Risk and serves as a key leader in shaping the firm's IAM control environment, ensuring alignment with regulatory expectations, industry frameworks, and internal risk objectives. The role requires strong leadership, cross-functional influence, and the ability to engage senior stakeholders to define and implement a cohesive IAM policy framework that supports secure, scalable, and compliant access management practices globally.

Requirements

8+ years of experience in Identity & Access Management, Cybersecurity, or Technology Risk, with a focus on policy, governance, or controls
Demonstrated experience in developing and implementing technology policies and standards.
Proven ability to lead complex, cross-functional programs in large enterprise environments.
Deep understanding of IAM domains (identity lifecycle, authentication, authorization, privileged access, entitlements governance)
Strong knowledge of regulatory and industry frameworks (e.g., NIST, FFIEC, PCI)
Excellent written and verbal communication skills, with ability to present to senior leadership.
Strong influencing and stakeholder management skills, especially in matrixed organizations.
Ability to translate technical controls into clear policy language and business requirements
Bachelor's degree required

Nice To Haves

advanced degree or relevant certifications (e.g., CISSP, CISM, CRISC) preferred.

Responsibilities

Lead the end-to-end lifecycle of IAM policies, standards, and procedures, including creation, approval, maintenance, and retirement.
Define and execute the IAM policy strategy, ensuring alignment with enterprise cybersecurity and technology risk frameworks.
Govern policy adherence across business units and technology divisions, ensuring consistency and control coverage.
Provide subject matter expertise in the development of IAM policies and technical standards.
Ensure policies incorporate regulatory requirements and industry standards (e.g., NIST, FFIEC, PCI).
Maintain a forward-looking policy framework that adapts to evolving technologies (cloud, APIs, non-human identities, etc.).
Lead discussions with senior stakeholders (e.g., CIOs, risk leaders, control owners) to prioritize policy enhancements and drive adoption.
Act as the central point of coordination across IAM, Risk, Audit, and Engineering teams.
Influence decision-making in environments without direct reporting authority.
Drive policy rollout, education, and awareness programs across the organization.
Partner with stakeholders to embed policy requirements into business processes and technology solutions.
Ensure clear documentation and communication of policy expectations to global teams.
Support enterprise IAM initiatives through strategy, planning, and program governance leadership.
Provide policy guidance for ongoing transformation efforts (e.g., entitlement management, identity lifecycle, privileged access).