Manager, Technology Risk & IAM
Concurrent · Tampa, FL · 1 mo ago
HybridEngineeringFull-time
Responsibilities
- Manage day-to-day identity and access management (IAM) processes across core business systems and SaaS platforms
- Design and maintain role-based access models aligned with least-privilege principles
- Oversee onboarding, transfers, and offboarding access provisioning workflows
- Conduct recurring user access reviews and permission recertification exercises
- Partner with department leaders to align system access with business responsibilities and segregation of duties requirements
- Identify excessive, outdated, or conflicting permissions and drive remediation efforts
- Improve workflows related to access requests, approvals, documentation, and audit evidence retention
- Assist in evaluating IAM tools, automation opportunities, and access governance enhancements
- Support and help manage the firm’s cybersecurity program and ongoing security initiatives
- Monitor security risks across systems, applications, endpoints, and third-party vendors
- Coordinate vulnerability remediation efforts, patch management follow-up, and security improvements
- Aid in phishing prevention initiatives, multifactor authentication standards, endpoint protection, and email security controls
- Support incident response readiness, issue escalation, and post-incident remediation activities
- Maintain cybersecurity policies, procedures, standards, and supporting documentation
- Coordinate testing related to infrastructure resiliency, backups, failover readiness, and recovery processes
- Support system capacity reviews and infrastructure stress testing initiatives
- Partner with vendors and internal stakeholders to identify operational, resiliency, and security risks
- Track remediation items tied to security gaps, operational issues, and performance concerns
- Support internal audits, due diligence requests, cybersecurity questionnaires, and vendor security reviews
- Maintain documentation and evidence supporting access management and cybersecurity controls
- Serve as a trusted internal resource regarding access governance, security controls, and technology risk management
- Translate technical issues into practical business recommendations for non-technical stakeholders
- Promote a culture of accountability, secure behavior, and process discipline
- Recommend scalable improvements as the organization continues to grow
Qualifications
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Business, or a related field preferred
- 5+ years of experience in identity and access management (IAM), cybersecurity, IT administration, IT risk, or technology operations
- Strong understanding of identity and access management principles, access governance, multifactor authentication, endpoint protection, and cybersecurity best practices
- Experience administering user access across multiple enterprise systems and SaaS platforms
- Experience with role-based access controls, user provisioning, access recertifications, and segregation of duties processes
- Experience within financial services, wealth management, banking, insurance, or another regulated industry preferred
- Experience supporting SEC-regulated environments, Registered Investment Advisors (RIA), or broker-dealer platforms preferred
- Familiarity with Microsoft 365, Salesforce or CRM environments, custodian portals, and enterprise SaaS ecosystems preferred
- Industry certifications such as Security+, CISSP, CISM, CISA, or similar certifications preferred
- Strong analytical, organizational, and problem-solving skills
- Strong verbal and written communication skills with the ability to work cross-functionally across departments
- Ability to manage multiple priorities in a fast-paced, growing organization
- Experience working within multi-location or rapidly scaling organizations preferred