Identity & Access Management (IAM) Security Governance Engineer

Role Overview

The IAM Security Governance Engineer will take ownership of the governance and evolution of the organization’s identity and access management ecosystem. This role focuses on defining, enforcing, and continuously improving access governance standards across platforms, products, and regions, ensuring secure and consistent access controls at scale.

Working at the intersection of security policy and technical execution, the role partners closely with Cybersecurity, IAM, Cloud Governance, infrastructure teams, and product owners. The objective is to translate governance principles into enforceable technical controls covering authentication, authorization, account lifecycle management, and role-based access.

This position blends policy definition, risk oversight, metrics and reporting, and enablement—supporting both technical teams and business stakeholders in managing identities and access securely and efficiently.

---

Key Responsibilities

Access Governance & Policy Ownership

• Define, maintain, and evolve access management policies and related governance frameworks.

• Ensure policies are consistently applied and enforced across systems, platforms, and environments.

Stakeholder & Cross-Team Collaboration

• Serve as the primary contact for access management governance topics for product and platform teams.

• Work closely with IAM, Cybersecurity, Cloud Governance, and infrastructure teams to ensure governance requirements are reflected in technical implementations.

Access Reviews & Certifications

• Lead periodic access reviews, entitlement recertifications, and access reporting activities.

• Collaborate with application and platform owners to determine review scope, frequency, and depth.

Risk Management & Reporting

• Identify access-related non-compliance, control gaps, and policy violations.

• Track, manage, and report risks in partnership with responsible stakeholders.

Continuous Improvement & Enablement

• Support IAM tooling initiatives (implementation, upgrades, migrations) from a governance and requirements standpoint.

• Provide guidance, training, and enablement to teams on secure access practices and governance compliance.

Technical & Security Alignment

• Govern single sign-on and authentication solutions using technologies such as SAML2, OAuth2, LDAP, and Active Directory.

• Partner with technical IAM teams to ensure IAM systems are securely designed, hardened, and aligned with governance standards.

---

Profile & Experience

• Proven experience in IAM, access governance, or security governance roles, ideally combining operational and governance responsibilities.

• Strong understanding of IAM concepts, including role-based access control, access lifecycle processes, and governance models.

• Experience implementing and governing SSO solutions, OAuth configurations, and identity standards such as SAML, LDAP, and related protocols.

• Familiarity with cloud-based identity architectures and integrating cloud services into enterprise IAM frameworks.

• Ability to advise and collaborate with stakeholders across cybersecurity, IAM, and business domains.

• Demonstrated capability to produce clear policies, standards, process documentation, and governance frameworks.

• Experience working with enterprise platforms supporting multiple development teams.

---

Desired Qualifications & Skills

• 5+ years of experience in IAM security and/or access governance.

• Solid understanding of least-privilege principles, role design, segregation of duties, and access risk management.

• Hands-on exposure to IAM or access governance platforms, including access review and certification tooling.

• Background in designing, deploying, administering, or governing IAM solutions.

• Bachelor’s degree in Computer Science, Information Security, or a related discipline (or equivalent professional experience).

• Strong communication and collaboration skills within international and cross-cultural environments.

• High standards of professionalism, integrity, and a strong risk- and control-focused mindset.

• Genuine interest in information security and identity management, with the ability to apply practical, experience-based recommendations