The IAM Policy Lead (VP-P5) is responsible for driving the development, governance, and lifecycle management of Identity and Access Management (IAM) policies, standards, and procedures across the enterprise. This role sits within Cybersecurity / Technology Risk and serves as a key leader in shaping the firm's IAM control environment, ensuring alignment with regulatory expectations, industry frameworks, and internal risk objectives.
The role requires strong leadership, cross-functional influence, and the ability to engage senior stakeholders to define and implement a cohesive IAM policy framework that supports secure, scalable, and compliant access management practices globally.
What you will do in the role
Policy Strategy & Governance
+ Lead the end-to-end lifecycle of IAM policies, standards, and procedures, including creation, approval, maintenance, and retirement.
+ Define and execute the IAM policy strategy, ensuring alignment with enterprise cybersecurity and technology risk frameworks.
+ Govern policy adherence across business units and technology divisions, ensuring consistency and control coverage.
Policy Development & Maintenance
+ Provide subject matter expertise in the development of IAM policies and technical standards..
+ Ensure policies incorporate regulatory requirements and industry standards (e.g., NIST, FFIEC, PCI).
+ Maintain a forward-looking policy framework that adapts to evolving technologies (cloud, APIs, non-human identities, etc.).
Stakeholder Engagement & Leadership
+ Lead discussions with senior stakeholders (e.g., CIOs, risk leaders, control owners) to prioritize policy enhancements and drive adoption.
+ Act as the central point of coordination across IAM, Risk, Audit, and Engineering teams
+ Influence decision-making in environments without direct reporting authority.
Policy Adoption & Communications
+ Drive policy rollout, education, and awareness programs across the organization.
+ Partner with stakeholders to embed policy requirements into business processes and technology solutions.
+ Ensure clear documentation and communication of policy expectations to global teams
Program & Initiative Support.
+ Support enterprise IAM initiatives through strategy, planning, and program governance leadership.
+ Provide policy guidance for ongoing transformation efforts (e.g., entitlement management, identity lifecycle, privileged access). Required Experience
+ 8+ years of experience in Identity & Access Management, Cybersecurity, or Technology Risk, with a focus on policy, governance, or controls
+ Demonstrated experience in developing and implementing technology policies and standards.
+ Proven ability to lead complex, cross-functional programs in large enterprise environments.
What you will bring to the role
+ Deep understanding of IAM domains (identity lifecycle, authentication, authorization, privileged access, entitlements governance)
+ Strong knowledge of regulatory and industry frameworks (e.g., NIST, FFIEC, PCI)
+ Excellent written and verbal communication skills, with ability to present to senior leadership.
+ Strong influencing and stakeholder management skills, especially in matrixed organizations.
+ Ability to translate technical controls into clear policy language and business requirements
Education
+ Bachelor's degree required; advanced degree or relevant certifications (e.g., CISSP, CISM, CRISC) preferred.