Tech Risk Assurance Lead- IAM SME

Opportunity to shape risk culture and ensure technological safeguards in a dynamic collaborative environment.

As a Tech Risk Assurance Lead in our Cybersecurity and Technology Controls team you will lead expert technical risk assurance and control oversight to ensure the firms products and lines of business achieve their objectives while effectively managing risk. Utilizing your background in technology risk management you will work with cross-functional teams to identify assess and mitigate emerging risks and vulnerabilities. Your tactical and strategic decision-making will significantly impact the firms operations financial management and public image. You will play a crucial role in fostering a robust risk culture and catalyzing continuous improvement contributing to the development and implementation of comprehensive risk management policies standards and controls.

This role is pivotal in ensuring the security and resilience of our technology infrastructure and will focus on the identification analysis and management of technology risks. The ideal candidate will have a strong background in cybersecurity and technology with a keen ability to gather and review findings and telemetry data conduct root cause analysis and articulate risk effectively.

Job responsibilities

• Collect and meticulously review findings and telemetry data to ensure comprehensive risk assessment.
• Utilize advanced data analytics to identify patterns and anomalies that may indicate potential risks providing a comprehensive risk assessment.
• Conduct thorough root cause analysis to identify the underlying causes and themes of issues and incidents developing actionable insights and recommendations to address these root causes and prevent recurrence.
• Leverage subject matter expertise in cybersecurity controls and technology operations to identify emerging issues and articulate associated risks clearly and communicate risk findings to stakeholders in a manner that is both informative and actionable.
• Collaborate with cross-product and functional teams to analyze high-priority risks evaluate gaps in related standards and controls and create outputs that propel remediation plans controls and standards development.
• Prepare detailed reports and documentation of risk assessments findings and recommendations and ensure all documentation is accurate comprehensive and accessible to relevant stakeholders.
• Develop and maintain strong business and technology relationships becoming a trusted partner.
• Implement innovative solutions to enhance the organizations risk posture.
• Champion the adoption of emerging technologies and industry best practices to enhance the firms risk management capabilities and fuel continuous improvement initiatives.

Required qualifications capabilities and skills

• 5 years of experience or equivalent expertise in technology risk management cybersecurity or a related field focusing on risk assessment and mitigation.
• Solid understanding of Identity and Access Management (IAM) concepts including authentication authorization identity federation access control models (RBAC ABAC) and privilege management.
• Familiarity with authentication protocols such as SAML OAuth 2.0 OpenID Connect and Kerberos.
• Strong grasp of IAM security best practices such as least privilege separation of duties MFA enforcement Just-in-Time (JIT) access and zero trust principles.
• Ability to collaborate with application owners cloud teams IT and security to investigate IAM-related incidents and identify root causes and control gaps.
• Skilled at reviewing IAM configurations to identify misconfigurations or over-provisioning and recommending improvements.
• Understand identity lifecycle and policy enforcement across systems.

Preferred qualifications capabilities and skills

• AI Prompt Engineering
• Expertise in Agile methodologies and ability to work with common frameworks.
• Relevant certifications in cybersecurity or risk management are a plus.
• Hands-on experience implementing and/or managing IAM technologies such as Azure AD AWS IAM Okta Ping Identity Active Directory LDAP and CyberArk.
• Experience in monitoring identity-related activity using SIEM tools such as Splunk Sentinel identity analytics and user behavior analytics (UEBA).