Data Access Governance Architect strong IAM expertise

Shift is the leading AI platform for insurance. Shift combines generative agentic and predictive AI to transform underwriting claims and fraud and risk - driving operational efficiency exceptional customer experiences and measurable business impact. Trusted by the worlds leading insurers Shift delivers AI when and where it matters most at scale and with proven results.

Our culture is built on innovation trust and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance.

As the Data Access Governance Architect you will own and drive the end-to-end data access governance program. You are the single point of ownership responsible for defining the who what and why of data access architecting the technical solution and managing the program to implement it.

This is a critical hands-on leadership role. You wont just design the framework; you will act as the primary authority investigate the use-cases build the technical controls and run the program. You are the go-to expert and owner for who can access what data why and how. As part of the Information Security department this role reports to the CISO.

Program Leadership & Use-Case Management

• Own the data access governance program from discovery to implementation and operation.
• Act as the central technical authority and owner for the data access governance framework particularly for customer tenant data.
• Partner with Legal Product and Sales to discover interpret and define critical data access use‑cases and constraints required by contracts and regulations.
• Lead cross‑functional workshops to map data flows define access roles (RBAC) and secure stakeholder buy‑in.
• Develop and report on program KPIs to measure the state of access controls risk reduction and compliance.

Technical Architecture & Engineering

• Architect and design the technical data access framework including scalable RBAC models policies and integrations.
• Lead the hands‑on implementation and integration of our central IAM platform (e.g. Okta Entra ID) to enforce the access policies you design.
• Design build and maintain automated Joiner Mover and Leaver (JML) workflows to ensure secure user lifecycle management.
• Engineer and operate data discovery and classification tools to identify and map sensitive data flows.
• Engineer implement and manage the firm’s Data Loss Prevention (DLP) and data discovery / classification tools to map and protect sensitive data flows.

Governance Operations & Assurance

• Own and maintain the central registry of data and access constraints to ensure and demonstrate compliance.
• Serve as the primary technical escalation point and final approver for complex data access requests handling exceptions to the defined policies.
• Drive the program‑level rollout of the data access governance model working with Engineering and Infrastructure to get controls implemented.
• Manage and coordinate all periodic user access certification campaigns for sensitive data ensuring timely completion and sign‑off.
• Develop and report on program KPIs to measure the state of access controls and compliance.

• Experience: At least seven (7) years of proven experience in a hands‑on role spanning IAM data security or security architecture.
• Education: Bachelors Degree in a relevant field or equivalent work experience.
• Core Knowledge: Strong demonstrated understanding of core IAM principles (Least Privilege RBAC JML) and data security concepts.
• Hands‑On IAM: Hands‑on experience with major IAM platforms (e.g. Okta SailPoint Entra ID) and their integration.
• Technical Skills: Strong knowledge of authentication and authorization standards (SAML OAuth OpenID Connect SCIM).
• Proficiency in at least one scripting language (PowerShell Python) or a query language (SQL).
• Expertise in designing and operating Data Loss Prevention (DLP) data discovery and classification tools.
• Core Competencies: Proven program management skills; the ability to manage competing priorities drive projects to completion and hold stakeholders accountable.
• A strong investigative mindset with the ability to find and document requirements from non‑technical stakeholders.
• Excellent communication skills and the ability to act as a central point of authority with confidence.
• High degree of attention to detail and strong documentation skills.
• Compliance: Knowledge of data protection regulations and compliance frameworks (GDPR CCPA ISO27001 SOC2 HIPAA etc.) and their technical application.

• TA Interview
• CISO Interview
• Set of 3 team interviews including a panel

• Flexible remote and hybrid working options
• Competitive Salary and a variable component tied to personal and company performance
• Company equity
• Multiple Learning and Development opportunities including Focus Fridays a half‑day each month to focus on learning and personal growth
• Generous PTO and paid holidays
• Mental health benefits
• 2 MAD Days per year (Make A Difference Days for paid volunteering)

At Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation or other non‑merit criteria.

Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation please email and we will work with you to meet your accessibility needs.

Please be aware of scammers and only trust correspondence that comes from emails ending in . We will never do initial outreach to you via Whatsapp/Text/SMS never ask for banking information or personal identification numbers (ex. Social Security Number) as part of our recruitment process.

Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs including those submitted directly to hiring managers are deemed to be the property of Shift Technology.

Employment Type: Full Time

Vacancy: 1