Identity & Technology Risk Lead

We are seeking a strategic and technically strong Identity & Technology Risk Architect to lead the identity governance and technology risk management efforts. This individual will be responsible for architecting and operationalizing our Identity & Access Governance (IAG) program designing scalable controls to support access lifecycle and policy enforcement and driving continuous improvements in how Digital & AI and the broader organization manage technology risk. This role will work at the intersection of security architecture enterprise systems, DevOps, and governance, serving as a key partner to auditors, technology leaders, and risk stakeholders.

• Own the development and execution of the organization's Identity & Access Governance (IAG) strategy and program.
• Design, implement, and operate IGA tooling such as SailPoint IdentityIQ to automate and enforce:
  • Birthright access control
  • Segregation of duties (SoD)
  • Toxic combination detection
  • Access reviews and recertification
  • Define policies and guardrails across critical applications platforms and infrastructure to support secure compliant access provisioning

• Identify, register, and manage technology risks for the Digital & AI division and broader enterprise as relevant.
• Lead initiatives to embed risk assessments and controls across solution development, cloud engineering, and platform architecture.
• Collaborate with GRC, legal, and risk teams to ensure alignment with enterprise-wide risk frameworks and standards.

• Support Enterprise Architecture and DevOps teams in integrating identity and risk design into technical architectures and CI/CD pipelines.
• Contribute to secure design reviews, risk assessments, and threat modeling efforts.
• Serve as a subject matter expert on identity and access architecture.

• Act as the primary point of contact for internal and external audits related to IT access controls, identity governance, and technology risk posture.
• Manage evidence gathering, documentation control, testing, and remediation tracking.

• No direct people management but expected to have solid stakeholder management skills to work across the company with multiple departments.

• 10 years of experience in identity management and technology risk.
• Proven expertise in Identity Governance & Administration (IGA) solutions, especially SailPoint IdentityIQ, including implementation and operation.
• Deep understanding of access control principles, SoD models, toxic combinations, and compliance standards.
• Experience with technology risk frameworks (e.g., NIST CSF, ISO 27005, COBIT).
• Hands‑on experience working with DevOps and enterprise IT teams in secure solution design.
• Professional certifications: CISSP, CISA, CRISC or Identity-focused certifications (e.g., Certified Identity and Access Manager).
• Experience integrating identity tooling with HR systems, ITSM, cloud platforms, and application catalogs.
• Strong communication and stakeholder engagement skills, including audit and regulator interactions.