What We're Looking ForCross River Bank is seeking a VP of Identity & Access Management (IAM) to build and lead a modern, risk-aligned, and automation-forward IAM program. Reporting to the VP of IT Security Engineering, this strategic and technical leader will drive the design, governance, and execution of IAM capabilities across our cloud, on-premises, and SaaS environments.
This role will be instrumental in maturing our identity lifecycle management, enforcing least privilege, and enhancing secure access governance-while ensuring compliance with FFIEC, SOC 2, PCI DSS, and other regulatory standards.
Responsibilities:Strategy & Leadership- Define and own the bank's IAM vision, roadmap, and architecture, aligned with security, compliance, and business goals.
- Build, lead, and mentor a small but high-performing IAM team, fostering a culture of collaboration, innovation, and accountability.
- Champion secure and scalable IAM practices across business units, product teams, and infrastructure domains.
- Partner with Engineering and Compliance to enhance identity governance maturity.
Lifecycle Management & Automation- Oversee the design and automation of Joiner-Mover-Leaver processes.
- Drive implementation of access request workflows and access reviews through tools like ServiceNow, with tight policy enforcement and auditability.
- Reduce identity sprawl by enforcing role-based and attribute-based access controls (RBAC/ABAC).
- Support federated SSO and MFA rollout across all SaaS applications to eliminate shadow IT.
Privileged Access & Governance- Lead the rationalization and control of privileged access across AWS, Azure (PIM), and legacy AD environments.
- Partner with Security Engineering and Audit to execute regular access reviews and design SoD frameworks.
- Define access certification cycles with actionable outputs for business owners.
Cloud & SaaS Identity- Guide cloud identity strategies for Azure, AWS, and SaaS ecosystems to ensure secure and scalable access models.
- Collaborate with Engineering to securely onboard new SaaS vendors under centralized identity management and SSO.
Audit & Compliance- Maintain IAM controls to meet FFIEC, SOC 2, and PCI DSS standards, and respond effectively to FDIC audits.
- Establish clear KPIs and metrics for IAM hygiene, access review coverage, and lifecycle automation.
Qualifications: - 10+ years in IAM, Information Security, or IT Risk roles, with 3+ years in a people management or technical leadership capacity.
- Hands-on experience with IAM platforms (e.g., SailPoint, Saviynt, Azure AD, CyberArk, Okta), ideally in a financial services or regulated environment.
- Deep knowledge of identity lifecycle automation, JML workflows, RBAC, ABAC, SSO, MFA, and PAM principles.
- Proven success aligning IAM strategy with risk, audit, and compliance functions.
- Familiarity with scripting or automation (PowerShell, Python) and modern identity protocols (SAML, OAuth2, OIDC, SCIM).
- Strong communication, influencing, and documentation skills; able to evangelize IAM to both technical and business audiences.
- Experience implementing or integrating with HRIS systems like Workday and ITSM systems like ServiceNow is a plus.
- Certifications preferred: CISSP, CISM, or vendor-specific IAM certs.
#LI-AC1 #LI-Hybrid #LI-Onsite
Salary Range: $160,000.00 - $200,000.00