Identity & Access Governance Lead
About the position
The Identity & Access Governance Lead is responsible for establishing, overseeing, and continuously improving the credit union’s Identity and Access Management (IAM) governance framework as a Second Line of Defense (2LoD) function. This role provides independent oversight of IAM controls, access risk, and compliance across the enterprise, with a primary focus on governance, assurance, and control effectiveness rather than day-to-day operational administration.
The position partners closely with First Line of Defense (1LoD) IT and business teams to govern role-based access models, ensure ongoing access reviews, and validate that identity lifecycle controls, including provisioning and deprovisioning, are designed and operating effectively across Microsoft Active Directory, Microsoft Entra, Microsoft 365, and critical business applications.
This role plays a key part in regulatory readiness, audit support, and IAM maturity, while maintaining appropriate separation from operational execution.
Responsibilities
• Serve as the 2LoD authority for IAM governance, providing independent oversight of access controls, identity lifecycle processes, and role management practices.
• Assess the design and operating effectiveness of IAM controls implemented by the 1LoD, including access provisioning, deprovisioning, and periodic access certifications.
• Develop, review, and maintain IAM governance documentation, including policies, standards, control requirements, and access review methodologies.
• Ensure IAM governance practices align with internal risk management standards and regulatory frameworks such as FFIEC, GLBA, and NIST.
• Partner with 1LoD teams to define, review, and govern role-based access control (RBAC) models for:
Microsoft Active Directory
Microsoft Entra (Azure AD)
Critical and high-risk business applications
• Validate role definitions and entitlement mappings to ensure adherence to least privilege and segregation of duties (SoD) principles.
• Lead and oversee ongoing user access reviews across the Microsoft environment and designated critical applications.
• Analyze access and entitlement data to identify anomalies, inappropriate access, and control deficiencies.
• Ensure timely completion, documentation, and evidence retention of access reviews to support audit and regulatory examinations.
• Provide governance oversight and control requirements for automated provisioning and deprovisioning processes.
• Partner with 1LoD teams to define access lifecycle standards for joiners, movers, and leavers (JML).
• Assist with requirements definition, risk assessment, and control design for the build-out or enhancement of provisioning and deprovisioning tooling, while maintaining separation from operational execution.
• Act as a key IAM governance contact for internal audit, external audit, and regulatory examinations.
• Provide access governance evidence, control documentation, metrics, and issue tracking.
• Identify IAM-related risks and control gaps, and partner with stakeholders to drive remediation.
• Develop and maintain IAM risk and control reporting for executive and risk leadership.
• Define and maintain IAM governance metrics related to access reviews, role health, provisioning effectiveness, and control compliance.
• Provide regular reporting to the CISO and relevant risk committees.
• Identify opportunities to improve IAM governance maturity, automation, and risk reduction.
• Stay current on evolving IAM technologies, identity governance practices, and regulatory expectations.
Requirements
• H.S. Diploma Required
• Bachelors Degree in Information Security, Computer Science, Information Systems, or a related field Required.
• 5-8 years similar or related experience of IAM, IT Risk, or IT Compliance experience, including governance or oversight responsibilities Required.
• Strong understanding of IAM governance principles, including RBAC, least privilege, segregation of duties, and access lifecycle management.
• Ability to independently assess control effectiveness and articulate access risk.
• Strong analytical skills with the ability to interpret complex entitlement data.
• Excellent written and verbal communication skills, including audit- and regulator-facing documentation.
• Ability to influence and partner effectively with 1LoD teams without direct authority.
• High attention to detail and strong accountability mindset.
• Certified Identity and Access Manager (CIAM)
• Certified Identity and Access Professional (CIAP)
• CISSP or equivalent industry certification
Nice-to-haves
• Experience in financial services or regulated industries and familiarity with Microsoft Active Directory, Entra, Microsoft 365, and IAM tooling (access certification, RBAC, provisioning) Preferred.
Benefits
• Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time
• Low-cost Medical, Dental & Vision plans
• Paid childcare assistance
• Award-winning 401K
• Gym fee reimbursement
• Tuition Reimbursement
• Student loan repayment
Apply tot his job
Apply To this Job
The Identity & Access Governance Lead is responsible for establishing, overseeing, and continuously improving the credit union’s Identity and Access Management (IAM) governance framework as a Second Line of Defense (2LoD) function. This role provides independent oversight of IAM controls, access risk, and compliance across the enterprise, with a primary focus on governance, assurance, and control effectiveness rather than day-to-day operational administration.
The position partners closely with First Line of Defense (1LoD) IT and business teams to govern role-based access models, ensure ongoing access reviews, and validate that identity lifecycle controls, including provisioning and deprovisioning, are designed and operating effectively across Microsoft Active Directory, Microsoft Entra, Microsoft 365, and critical business applications.
This role plays a key part in regulatory readiness, audit support, and IAM maturity, while maintaining appropriate separation from operational execution.
Responsibilities
• Serve as the 2LoD authority for IAM governance, providing independent oversight of access controls, identity lifecycle processes, and role management practices.
• Assess the design and operating effectiveness of IAM controls implemented by the 1LoD, including access provisioning, deprovisioning, and periodic access certifications.
• Develop, review, and maintain IAM governance documentation, including policies, standards, control requirements, and access review methodologies.
• Ensure IAM governance practices align with internal risk management standards and regulatory frameworks such as FFIEC, GLBA, and NIST.
• Partner with 1LoD teams to define, review, and govern role-based access control (RBAC) models for:
Microsoft Active Directory
Microsoft Entra (Azure AD)
Critical and high-risk business applications
• Validate role definitions and entitlement mappings to ensure adherence to least privilege and segregation of duties (SoD) principles.
• Lead and oversee ongoing user access reviews across the Microsoft environment and designated critical applications.
• Analyze access and entitlement data to identify anomalies, inappropriate access, and control deficiencies.
• Ensure timely completion, documentation, and evidence retention of access reviews to support audit and regulatory examinations.
• Provide governance oversight and control requirements for automated provisioning and deprovisioning processes.
• Partner with 1LoD teams to define access lifecycle standards for joiners, movers, and leavers (JML).
• Assist with requirements definition, risk assessment, and control design for the build-out or enhancement of provisioning and deprovisioning tooling, while maintaining separation from operational execution.
• Act as a key IAM governance contact for internal audit, external audit, and regulatory examinations.
• Provide access governance evidence, control documentation, metrics, and issue tracking.
• Identify IAM-related risks and control gaps, and partner with stakeholders to drive remediation.
• Develop and maintain IAM risk and control reporting for executive and risk leadership.
• Define and maintain IAM governance metrics related to access reviews, role health, provisioning effectiveness, and control compliance.
• Provide regular reporting to the CISO and relevant risk committees.
• Identify opportunities to improve IAM governance maturity, automation, and risk reduction.
• Stay current on evolving IAM technologies, identity governance practices, and regulatory expectations.
Requirements
• H.S. Diploma Required
• Bachelors Degree in Information Security, Computer Science, Information Systems, or a related field Required.
• 5-8 years similar or related experience of IAM, IT Risk, or IT Compliance experience, including governance or oversight responsibilities Required.
• Strong understanding of IAM governance principles, including RBAC, least privilege, segregation of duties, and access lifecycle management.
• Ability to independently assess control effectiveness and articulate access risk.
• Strong analytical skills with the ability to interpret complex entitlement data.
• Excellent written and verbal communication skills, including audit- and regulator-facing documentation.
• Ability to influence and partner effectively with 1LoD teams without direct authority.
• High attention to detail and strong accountability mindset.
• Certified Identity and Access Manager (CIAM)
• Certified Identity and Access Professional (CIAP)
• CISSP or equivalent industry certification
Nice-to-haves
• Experience in financial services or regulated industries and familiarity with Microsoft Active Directory, Entra, Microsoft 365, and IAM tooling (access certification, RBAC, provisioning) Preferred.
Benefits
• Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time
• Low-cost Medical, Dental & Vision plans
• Paid childcare assistance
• Award-winning 401K
• Gym fee reimbursement
• Tuition Reimbursement
• Student loan repayment
Apply tot his job
Apply To this Job