Security Program Manager

The IAM Programme Manager is accountable for the strategic planning governance and delivery of the organisations Identity Access Management IAM programme This role oversees multiple IAM workstreamstechnology process governance and organisational changeto ensure secure compliant and efficient identity services across the enterprise

The Programme Manager will drive alignment between business security architecture and operational teams ensuring IAM capabilities are delivered in line with regulatory requirements security standards and business outcomes

• Programme Leadership Governance
• Lead the endtoend IAM programme ensuring delivery of agreed outcomes capabilities and benefits
• Establish programme governance steering groups reporting structures and decisionmaking frameworks
• Maintain programmelevel plans roadmaps RAID logs dependency maps and financial tracking
• Ensure alignment with enterprise security strategy architecture principles and PMO standards
• Strategic Planning Road mapping
• Develop and maintain the IAM strategy and multiyear roadmap covering identity lifecycle access governance authentication authorisation privileged access and federation
• Prioritise workstreams based on risk business value and organisational readiness
• Identify capability gaps and propose investment cases for new IAM tools or enhancements
• Stakeholder Executive Engagement
• Act as the primary point of contact for senior stakeholders including CISO CIO HR Operations and Audit
• Communicate programme progress risks and decisions clearly and confidently to executive leadership
• Manage expectations across business units and ensure alignment with organisational change initiatives
• Delivery Oversight
• Oversee delivery of IAM workstreams such as
• Identity Governance Administration IGA
• JoinerMoverLeaver automation
• Access request approval workflows
• Access certification role mining
• SSOMFA enhancements
• Privileged Access Management PAM
• Ensure technical teams vendors and integrators deliver to scope quality and timelines
• Manage interdependencies with HR ITSM security operations and application teams
• Vendor Partner Management
• Manage relationships with IAM vendors and implementation partners eg SailPoint Microsoft CyberArk DTS partners
• Oversee SOWs deliverables commercials and performance of thirdparty suppliers
• Ensure clear RACI and accountability across internal and external teams
• Risk Compliance Security
• Ensure IAM capabilities meet regulatory audit and compliance requirements eg GDPR CAF eCAF ISO 27001 NIS2
• Identify and manage programmelevel risks issues and security implications
• Ensure IAM controls are embedded into BAU processes and operational teams
• Change Management Adoption
• Oversee organisational change activities including training communications process updates and stakeholder engagement
• Ensure new IAM capabilities are adopted effectively and sustainably across the business
• Drive cultural change towards least privilege zero trust and strong identity hygiene

• Proven experience delivering largescale IAM or cybersecurity programmes in complex organisations
• Strong understanding of IAM domains including
• Identity lifecycle management
• Access governance certification
• RBACABAC
• SSO MFA federation
• Privileged access
• Directory services
• Experience with IAM platforms such as SailPoint particularly but also Azure AD Okta CyberArk or similar
• Strong programme management skills road mapping budgeting governance reporting
• Excellent stakeholder management and communication skills including at executive level
• Experience managing multivendor delivery environments
• Strong understanding of regulatory and audit requirements related to identity and access

• Experience in regulated or critical infrastructure sectors utilities finance telecoms government
• Background in security architecture or technical IAM delivery
• Experience with cloud identity models and Zero Trust frameworks
• Familiarity with HR systems and identity data flows
• Experience leading role mining access modelling or identity governance maturity assessments