Data Access Governance Architect - strong IAM expertise

France - Paris; France - Remote

Shift is the leading AI platform for insurance. Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences and measurable business impact. Trusted by the world's leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results.

Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance.

As the Data Access Governance Architect, you will own and drive the end-to-end data access governance program. You are the single point of ownership responsible for defining the "who, what, and why" of data access, architecting the technical solution, and managing the program to implement it.

This is a critical, hands‑on leadership role. You won't just design the framework; you will act as the primary authority, investigate the use‑cases, build the technical controls, and run the program. You are the "go-to" expert and owner for who can access what data, why, and how. As part of the Information Security department, this role reports to the CISO.

• Own the data access governance program from discovery to implementation and operation.
• Act as the central technical authority and owner for the data access governance framework, particularly for customer tenant data.
• Partner with Legal, Product, and Sales to discover, interpret, and define critical data access use‑cases and constraints required by contracts and regulations.
• Lead cross‑functional workshops to map data flows, define access roles (RBAC), and secure stakeholder buy‑in.
• Develop and report on program KPIs to measure the state of access controls, risk reduction, and compliance.

Technical Architecture & Engineering

• Architect and design the technical data access framework, including scalable RBAC models, policies, and integrations.
• Lead the hands‑on implementation and integration of our central IAM platform (e.g., Okta, Entra ID) to enforce the access policies you design.
• Design, build, and maintain automated Joiner, Mover, and Leaver (JML) workflows to ensure secure user lifecycle management.
• Engineer and operate data discovery and classification tools to identify and map sensitive data flows.
• Engineer, implement, and manage the firm's Data Loss Prevention (DLP) and data discovery/classification tools to map and protect sensitive data flows.

Governance Operations & Assurance

• Own and maintain the central registry of data and access constraints to ensure and demonstrate compliance.
• Serve as the primary technical escalation point and final approver for complex data access requests, handling exceptions to the defined policies.
• Drive the program‑level rollout of the data access governance model, working with Engineering and Infrastructure to get controls implemented.
• Manage and coordinate all periodic user access certification campaigns for sensitive data, ensuring timely completion and sign‑off.
• Develop and report on program KPIs to measure the state of access controls and compliance.

• Experience: At least seven (7) years of proven experience in a hands‑on role spanning IAM, data security, or security architecture.
• Education: Bachelor’s Degree in a relevant field or equivalent work experience.
• Core Knowledge: Strong, demonstrated understanding of core IAM principles (Least Privilege, RBAC, JML) and data security concepts.
• Hands‑On IAM: Hands‑on experience with major IAM platforms (e.g., Okta, SailPoint, Entra ID) and their integration.
• Technical Skills:
  • Strong knowledge of authentication and authorization standards (SAML, OAuth, OpenID Connect, SCIM).
  • Proficiency in at least one scripting language (e.g., PowerShell, Python) or a query language (SQL).
  • Expertise in designing and operating Data Loss Prevention (DLP), data discovery, and classification tools.
• Core Competencies:
  • Proven program management skills; the ability to manage competing priorities, drive projects to completion, and hold stakeholders accountable.
  • A strong investigative mindset, with the ability to find and document requirements from non‑technical stakeholders.
  • Excellent communication skills and the ability to act as a central point of authority with confidence.
  • High degree of attention to detail and strong documentation skills.
• Compliance: Knowledge of data protection regulations and compliance frameworks (e.g., GDPR, CCPA, ISO27001, SOC2, HIPAA etc.) and their technical application.

• TA Interview
• CISO Interview
• Set of 3 team interviews, including a panel

• Flexible remote and hybrid working options
• Competitive Salary and a variable component tied to personal and company performance
• Company equity
• Multiple Learning and Development opportunities, including Focus Fridays, a half‑day each month to focus on learning and personal growth
• Generous PTO and paid holidays
• 2 MAD Days per year (Make A Difference Days for paid volunteering)
• Additional benefits may be offered by country – ask your recruiter for more information. Intern and Apprentice positions are eligible for some of these benefits – ask your recruiter for more details.

At Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company, without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non‑merit criteria.

Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email accommodation@shift-technology.com and we will work with you to meet your accessibility needs.

Please be aware of scammers and only trust correspondence that comes from emails ending in "shift-technology.com". We will never do initial outreach to you via Whatsapp/Text/SMS, never ask for banking information or personal identification numbers (ex. Social Security Number) as part of our recruitment process.

Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.