IAM Cloud Governance Engineer
KeyBank · Brooklyn, OH · 3 wk ago
HybridEngineering$80k–$150k/yrFull-time
Key Responsibilities
- Lead the governance framework for cloud identity and access across IaaS, PaaS, and SaaS platforms, including design standards, control requirements, and lifecycle oversight.
- Establish and maintain enterprise guardrails for cloud IAM constructs (roles, permissions, entitlements, conditional access, federation).
- Ensure consistent enforcement of least-privilege and separation-of-duties principles across cloud workloads.
- Own governance strategy for service accounts and non-human identities, including inventory completeness, ownership attribution, credential lifecycle, and risk classification.
- Define certification, recertification, and exception handling processes for NHIs in alignment with audit and compliance requirements.
- Partner with platform and application teams to remediate unmanaged or high-risk service accounts.
- Provide governance leadership over privileged access patterns for cloud and hybrid systems, including just-in-time access, break-glass processes, and session oversight.
- Ensure HPAM controls are consistently applied and measurable across cloud and on-prem systems, supporting regulatory and internal risk assessments.
- Translate regulatory, audit, and risk requirements into actionable IAM governance controls and measurable evidence.
- Support internal and external audits by providing policy documentation, process flows, certification results, and exception rationale.
- Act as IAM governance SME for second-line risk and control partners.
- Serve as senior escalation point and decision authority for IAM cloud governance issues and design exceptions.
- Influence IAM strategy, roadmap prioritization, and operating model improvements.
- Mentor analysts and senior practitioners within IAM governance and compliance functions.
Required Qualifications
- Deep experience in Identity & Access Management (IAM) within large enterprise environments.
- Hands-on knowledge of cloud IAM models, including human and non-human identities.
- Strong understanding of governance, risk, and control design, including audit evidence expectations.
- Experience governing privileged access models and service account lifecycles.
- Proven ability to translate policy and regulatory requirements into operational controls.
Preferred Qualifications
- Experience supporting regulated environments (financial services, SOX-relevant systems).
- Familiarity with ServiceNow or similar platforms for inventory, workflow, and reporting.
- Professional security or audit certifications (e.g., CISA, CISSP) preferred but not required.
- Demonstrated leadership in cross-functional, matrixed organizations.
- Awareness of Google Gemini Enterprise.