Jobs · Engineering · Ohio

IAM Cloud Governance Engineer

KeyBank · Brooklyn, OH · 3 wk ago
HybridEngineering$80k–$150k/yrFull-time

Key Responsibilities

  • Lead the governance framework for cloud identity and access across IaaS, PaaS, and SaaS platforms, including design standards, control requirements, and lifecycle oversight.
  • Establish and maintain enterprise guardrails for cloud IAM constructs (roles, permissions, entitlements, conditional access, federation).
  • Ensure consistent enforcement of least-privilege and separation-of-duties principles across cloud workloads.
  • Own governance strategy for service accounts and non-human identities, including inventory completeness, ownership attribution, credential lifecycle, and risk classification.
  • Define certification, recertification, and exception handling processes for NHIs in alignment with audit and compliance requirements.
  • Partner with platform and application teams to remediate unmanaged or high-risk service accounts.
  • Provide governance leadership over privileged access patterns for cloud and hybrid systems, including just-in-time access, break-glass processes, and session oversight.
  • Ensure HPAM controls are consistently applied and measurable across cloud and on-prem systems, supporting regulatory and internal risk assessments.
  • Translate regulatory, audit, and risk requirements into actionable IAM governance controls and measurable evidence.
  • Support internal and external audits by providing policy documentation, process flows, certification results, and exception rationale.
  • Act as IAM governance SME for second-line risk and control partners.
  • Serve as senior escalation point and decision authority for IAM cloud governance issues and design exceptions.
  • Influence IAM strategy, roadmap prioritization, and operating model improvements.
  • Mentor analysts and senior practitioners within IAM governance and compliance functions.

Required Qualifications

  • Deep experience in Identity & Access Management (IAM) within large enterprise environments.
  • Hands-on knowledge of cloud IAM models, including human and non-human identities.
  • Strong understanding of governance, risk, and control design, including audit evidence expectations.
  • Experience governing privileged access models and service account lifecycles.
  • Proven ability to translate policy and regulatory requirements into operational controls.

Preferred Qualifications

  • Experience supporting regulated environments (financial services, SOX-relevant systems).
  • Familiarity with ServiceNow or similar platforms for inventory, workflow, and reporting.
  • Professional security or audit certifications (e.g., CISA, CISSP) preferred but not required.
  • Demonstrated leadership in cross-functional, matrixed organizations.
  • Awareness of Google Gemini Enterprise.

Similar jobs

Cloud IAM Engineer

Tata Consultancy ServicesIrving, TX· 2 days ago
Engineering$100k–$130k/yrapply on ibegin.tcsapps.com

Cloud IAM Architect, VP

MUFGJersey City, NJ· 2 mo ago
Engineering$180k–$220k/yrapply on mufgub.wd3.myworkdayjobs.com