Lead IAM Governance Specialist

About The Position

Requirements

• Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience inclusive of a minimum 4 years’ work experience in/with the specific Cybersecurity or Technology area and/or team
• Demonstrated advanced knowledge of IAM cybersecurity principles and compliance requirements.

Nice To Haves

• Subject matter expert on IAM platforms: SailPoint, Azure AD, Entra ID, CyberArk, PAM solutions
• Familiar with cloud identity strategy including Azure AD, Entra ID, RBAC, conditional access, and privileged role governance
• Experience with IAM road mapping, tooling strategy and modernization

Responsibilities

• Provide governance leadership across common IAM platforms (e.g., SailPoint, Azure AD / Entra ID, CyberArk, PAM solutions).
• Define expectations for birthright access, role models, entitlement management, and certification strategies.
• Ensure governance models are tool aware but tool agnostic, scalable, and not overly reliant on manual effort.
• Lead governance strategy for cloud identity, including Azure AD / Entra ID, RBAC, conditional access, and privileged role governance.
• Establish guardrails and standards for cloud-native access models, hybrid identity, and federated access.
• Serve as a senior advisor during complex access decisions, risk exceptions, and enterprise initiatives.
• Stay ahead of emerging risks in the workforce IAM space, including non human identities (NHI), AI/service accounts, cloud privilege sprawl, and over entitlement.
• Proactively identify control gaps and recommend governance enhancements.
• Contribute to IAM roadmaps, tooling strategy, and long term modernization efforts.
• Prepare reports through gathering, analyzing and summarizing data and information; prepares presentation materials for senior leadership reports.
• Partner with appropriate teams and leadership, First Line Risk, and Internal Audit to proactively mitigate risk through creation and enhancement of comprehensive policy framework.
• Execute comprehensive response to internal audit and regulatory requests, refining processes for efficiency and accuracy.
• Partner with Cybersecurity teams and managers to ensure process documentation, reporting, and performance metrics continuously improve with organizational maturity.
• Create remediation plans and supports team implementation, providing guidance to teams to ensure comprehensive execution against key actions and milestones.
• Foster strong partnerships with stakeholders in Cybersecurity teams to ensure successful development and implementation of the governance framework.
• Recommend key actions and milestones in project plan and leads execution of specification project milestones.
• Understand and adhere to the Company’s risk and regulatory standards, policies, and controls in accordance with the Company’s Risk Appetite.
• Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis.
• Identify risk-related issues needing escalation to management.
• Promote an environment that supports belonging and reflects the M&T Bank brand.
• Maintain M&T internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators as applicable.
• Complete other related duties as assigned.

Benefits

• medical
• retirement
• forty hours of paid volunteer time, each year