Identity and Access Management (IAM) Senior Consultant

LOB Summary:

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities, and operates a global security operations center that monitors, detects, and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.

What you can expect in Identity & Access Management:

In today’s highly connected world, managing and securing the identity of users is essential to the safety and success of our workforce. The Identity & Access Management (IAM) team works within Global Information Services (GIS) and in close participation with all other LOB teams as well as second and third line of defense partners. This role is highly visible and requires frequent interaction with senior management and key stakeholders.

The Senior IAM Information Security Controls Lead will analyze, strengthen, and secure the company's IAM systems and overall risk posture for end user, application and privileged access management. The individual in this role will be a leader in the IAM innovation space, working with senior leaders to implement new technologies and frameworks. This role requires collaboration with technology peers to modernize the IAM ecosystem for securing evolving technologies and identities.

The role also applies knowledge of laws, rules, regulations, and information security frameworks (e.g., NIST, COBIT, ISO) to establish and maintain policies, validate alignment of processes and controls to requirements, report on adherence to policy requirements, and maintain governance programs related to IAM Standard controls. Expectations include leveraging data analytics, governance process management, and cross-functional partnerships to verify policy compliance, identify gaps, and support remediation activities.

Responsibilities:

• Define and steer IAM standards including designing enterprise appropriate adherence models, and related measures for governance, controls and effectiveness management.

• Drive application/platform IAM modernization approach and program for information & data synchronization/management, moving from legacy manual to modernized identity automation solutions, such as connector frameworks.

• Collaborate with partner cybersecurity, engineering, and compliance teams to develop and align controls with industry standards, to mitigate known threat vectors, adopt best practice principles and meet regulatory requirements.

• Drive optimization & adoption of innovative and transformational strategies including but not limited to tooling integrations with enterprise platforms such as Active Directory, Mainframe and Public Cloud.

• Drive requirements, modernization and derisk efforts for processes, controls, systems and platforms, reducing technical debt, improving identity hygiene and supporting continual risk reduction efforts.

• Interacting with examiners and partners within control oversight organizations such as Audit, Compliance, Operational Risk, Regulators, and independent assessment organizations to represent IAM.

• Manage, liaise with and oversee currency of documentation, governance routines, and QA processes to capture, drive and improve alignment with standards and controls.

• Drive access management product and systems requirements for solutions, platforms and application-level integrations.

• Influence technology decisions and vendor strategies to support IAM objectives.