Senior IAM Governance, Lead Analyst

About The Position

Requirements

• 8+ years' experience with hands-on experience in non-human identity, privileged access, and resource management methodologies and a deep understanding of how they reduce risk.
• Conversant in global security regulations and recognized industry standards and frameworks (e.g., CRI, SOX, NIST).
• Demonstrated experience with Privileged Access Management (PAM) tools such as CyberArk, HashiCorp, or BeyondTrust.
• Proficiency with other key IAM technologies, including PING, Active Directory, and PlainID.
• Demonstrated experience in Agile project planning, execution, risk mitigation, and change management.
• Proven record of influencing stakeholders and strong relationship management skills.
• Excellent communication and presentation skills, with the ability to articulate data-driven plans.
• Strong analytical, problem-solving, and organizational skills with a track record of meeting milestones.
• A proactive approach with a focus on creative solutions and continuous improvement.
• Actively builds and cultivates strong connections and partnerships across businesses and regions to support diversity.
• Bachelor’s Degree or equivalent work experience.

Nice To Haves

• Relevant information security certifications (e.g., CISSP, CISM, etc.) are highly preferred.

Responsibilities

• Define, maintain, and interpret information security standards for Identity and Access Management.
• Partner with architecture, engineering, and operations on emerging IAM capabilities and technologies to assess risks and enable governance.
• Identify, define, and create new governance controls to ensure compliance with security standards.
• Collaborate with technology and platform owners to embed controls directly into the environment for frictionless adoption.
• Define IAM standards and the key performance metrics used to measure their effectiveness.
• Define how the organization will securely enable emerging capabilities like artificial intelligence identities and Policy Based Access Controls (PBAC).
• Maintain and optimize existing governance processes, including procedures management, capacity management, and reporting.
• Evaluate the alignment of internal controls to cybersecurity frameworks (e.g., CRI, SOX, NIST) and develop actions to mature governance.
• Engage senior management with timely, accurate, and actionable reporting on existing risks, emerging trends, and areas of concern.
• Lead the Identity and Access Management team's engagement with internal and external auditors and examiners.
• Continuously monitor industry trends and engage with peer organizations to refine and inform the IAM governance strategy.
• Forge strong working relationships with security functions, product delivery teams, IT, risk management, and audit partners.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards

Benefits

• medical, dental & vision coverage
• 401(k)
• life, accident, and disability insurance
• wellness programs
• paid time off packages, including planned time off (vacation)
• unplanned time off (sick leave)
• paid holidays
• discretionary and formulaic incentive and retention awards