VP, Identity & Access Management - BISO

About The Position

Requirements

• 5–10 years of experience in Information Security, Risk Management, IT Governance, Identity & Access Management, or related fields.
• Direct experience with Segregation of Duties frameworks, access control models, and entitlement governance.
• Strong understanding of business processes in financial services (e.g., trade lifecycle, finance, operations, regulatory reporting).
• Proven track record of managing cross‑functional programs and driving outcomes with business and technology teams.
• Exceptional communication, facilitation, and relationship‑building skills.
• Ability to interpret complex technical and business issues and translate them into actionable plans.

Nice To Haves

• Experience with IGA platforms (SailPoint, Saviynt, or similar).
• Knowledge of role‑based access control (RBAC) design principles.
• Familiarity with regulatory frameworks (SOX, FFIEC, NIST, ISO27001).
• Prior consulting or BISO-type experience supporting business units.
• Strong analytical skills and comfort working with data.

Responsibilities

• SoD Program Leadership Lead the day‑to-day execution of the enterprise Segregation of Duties (SoD) initiative, including risk assessment, policy enforcement, and remediation tracking. Partner with business owners, IT application teams, and control partners to define, validate, and refine SoD rulesets and conflict matrices. Facilitate prioritization of SoD issues and deliver regular reporting to senior stakeholders, including dashboards and KPI tracking.
• Business Partnership & Stakeholder Engagement Act as the primary liaison between Global Information Security and assigned business units, understanding their processes, applications, and risk landscape. Conduct workshops, working sessions, and recurring governance meetings with business and IT teams (e.g., SOD Weekly Management Connect) to drive alignment and resolve issues. Communicate program updates, risks, and requirements to senior leaders in a clear and actionable manner.
• Identity Governance & Control Execution Collaborate with application owners to ensure appropriate role design, access certifications, and control implementation that reduce SoD violations. Support annual and ongoing certification cycles, partnering with business and technology teams (e.g., 2026 Certification Process sessions) to ensure compliant execution. Work with audit, compliance, and risk teams to support assessments and drive closure of identified issues.
• Program Governance & Continuous Improvement Maintain and enhance SoD standards, procedures, and governance artifacts. Recommend and drive improvements to tooling, automation, reporting, and integration with IAM systems (e.g., IGA platform, entitlement data quality, and application onboarding). Monitor control performance and identify opportunities to tighten controls or reduce manual effort.
• Cross‑Functional Collaboration Coordinate with IAM engineering, security architecture, compliance, internal audit, application teams, and external partners. Facilitate discussion around SoD implications during new application onboarding, system upgrades, and process changes. Serve as an internal subject matter expert on SoD and access risk.