Confluent

Staff Security Risk & Compliance Program Manager - Access Management

Confluent$120K — $160K *
US-Anywhere
+ 2 other locationsRemote
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 8+ years in security program management or related fields, with 3 years managing an enterprise-scale access program
  • Deep expertise in identity and access management concepts (least privilege, RBAC/ABAC)
  • Working knowledge of machine and workload identity, including S2S authentication and NHI
  • Strong understanding of cloud security controls in environments like GCP, AWS, and Azure
  • Experience with access tooling like Okta and familiarity with access enforcement processes

Responsibilities

  • Own strategic direction for Confluent's access management program, focusing on machine and workload identity
  • Lead the enforcement of service-to-service (S2S) authentication across Trust & Security surfaces
  • Develop and manage the Access Management Standard, ensuring compliance and audit readiness
  • Define access metrics and curate reporting to senior leadership on risk posture
  • Facilitate cross-functional collaboration with engineering and identity teams
  • Integrate access management with governance, risk, and compliance across teams

Benefits

  • Participate in a dynamic work environment centered on innovation
  • Access to training and development opportunities in cutting-edge security practices
  • Work alongside leading experts in security and technology
  • Flexible working arrangements to support work-life balance
  • Contribute to impactful projects that shape security within the organization
Full Job Description
About the Role:

We are seeking a highly motivated and experienced Staff Security Risk & Compliance Program Manager - Access Management to join our Trust & Security team. This senior role owns Confluent's internal access management program and leads its evolution toward machine and workload identity - service-to-service (S2S) authentication, non-human identity (NHI), and access controls for AI agents - as the next frontier of least-privilege security for the Confluent Cloud platform.

You will be the horizontal owner of how Confluent governs access: the Access Management Standard, access metrics, and the executive reporting cadence. As access operations are distributed across partner functions, you will hold the policy, risk, and measurement line so Confluent maintains one coherent access posture rather than fragmented silos.

What You Will Do:
  • Strategy and Leadership: Own the strategic direction and roadmap for Confluent's internal access management program, with machine and workload identity as the durable center of gravity. Drive the program's maturity model from control-building toward sustained governance and least-privilege outcomes.
  • Machine & Workload Identity: Lead the program to enforce service-to-service (S2S) authentication across Trust & Security-owned surfaces, taking ownership of the enforcement hand-off from the identity engineering team. Formalize non-human identity (NHI) - service accounts, keys, and workload credentials - from pilot into a funded, governed program. Stand up access controls for AI agents as agentic workloads acquire production access.
  • Access Governance & Standards: Own the Access Management Standard and the policies that operationalize least privilege, separation of duties, and periodic access review across human and machine access. Ensure the standard keeps pace with the evolving access surface and remains audit-ready.
  • Metrics, Reporting & Governance Cadence: Own access metrics and reporting (e.g., JIT/unilateral-access volume, broad-privilege usage, prod-access reduction). Define and track program OKRs and run the monthly execution and executive-review cadence, articulating risk posture and progress to senior leadership.
  • Cross-Functional Execution & Transitions: Drive cross-functional delivery with engineering, platform, and identity teams without direct authority.
  • Integration with GRC and Partner Functions: Ensure the access management program is tightly integrated with adjacent GRC domains and partner teams (Insider Threat, IT/Identity, Detection & Response, and engineering owners), with clear RACI across governance and operations.
What You Will Bring:
  • Experience: 8+ years in security program management, identity & access management, or a closely related security discipline, with at least 3 years running an enterprise- or platform-scale access program in a technology company.
  • Technical Skills:
    • Deep expertise in identity and access management concepts: least privilege, separation of duties, RBAC/ABAC, just-in-time (JIT) and privileged access management (PAM), and access review/certification.
    • Working knowledge of machine and workload identity - service-to-service authentication, non-human identity, service accounts, secrets/key management, and emerging AI-agent access patterns.
    • Strong security engineering fundamentals across cloud infrastructure security controls in GCP, AWS, and/or Azure, including Kubernetes and cloud control-plane access models.
    • Familiarity with identity platforms and access tooling (e.g., Okta, JIT/access-orchestration tooling) and how access controls are enforced in production.
  • Tooling and Automation: Experience integrating access processes, controls, or findings into GRC and access-orchestration platforms, and a bias toward automating access decisions over manual operations.
  • Program Management Skills:
    • Strong project management and organizational skills.
    • Exceptional analytical and problem-solving skills, with a data-driven approach to decision-making.
    • Experience running long-term, complex security programs that deliver iterative, measurable risk reduction.
  • Communication and Collaboration Skills:
    • Excellent written and verbal communication, with the ability to influence and lead without direct authority across engineering and security teams.
    • Ability to articulate complex technical concepts and program status to executive-level audiences and technical teams alike.


Ready to build what's next? Let's get in motion.

About Confluent

Confluent is an American software company that provides a streaming platform based on Apache Kafka. The company was founded in 2014 by the creators of Apache Kafka and is headquartered in San Francisco, California. Confluent's platform enables companies to easily access data as real-time streams, making it easier to build and manage real-time data pipelines and applications. The company's platform is used by a variety of industries, including financial services, healthcare, and retail.
Learn more about Confluent
Size
1,000 employees
Market Cap
$6 billion
Industry
Founded
2014
NASDAQ

Similar Jobs

More Jobs at Confluent

More Information Technology Jobs

Find similar Staff Security Risk & Compliance Program Manager - Access Management jobs: