IAM Governance Analyst
Department
Identity and Access Management Governance
Role Summary
The Cybersecurity Control Assurance and Governance Analyst supports the design, oversight, and effectiveness of the bank’s Identity and Access Management governance framework. This role blends IAM domain expertise with strong data analytics capabilities to evaluate control effectiveness, enhance risk visibility, and ensure alignment with regulatory requirements and internal standards. The role focuses on governance execution, control assurance, and translating complex cybersecurity data into meaningful insights for business and risk stakeholders.
Key Responsibilities
IAM Governance
• Support the development and maintenance of IAM minimum requirements, standards, procedures, and guidelines
• Ensure IAM governance practices align with business objectives, risk appetite, and regulatory expectations
• Participate in policy exception management and control waiver processes
• Partner with business lines, risk management, compliance, and internal audit to drive consistent and effective governance
• Maintain IAM risk and control libraries within GRC platforms such as Archer
Data Analytics and Reporting
• Ingest, analyze, and interpret large volumes of cybersecurity and IT risk data from multiple sources such as GRC tools, Sphere, and audit logs
• Transform raw data through ETL processes into actionable insights, dashboards, and scorecards for business and risk stakeholders
• Develop and maintain control effectiveness metrics, key risk indicators, and operational risk reporting
• Identify trends, anomalies, and risk signals using data visualization and analytics tools such as Tableau
• Partner with data engineering teams to ensure accuracy, quality, and availability of security-related datasets
Control Assurance
• Conduct risk-based assessments and control testing for identity and access management processes across the enterprise
• Validate both design and operating effectiveness of technical and administrative security controls
• Develop control testing procedures aligned to NIST and internal control methodologies
• Track control deficiencies, remediation activities, and outcomes
• Communicate control assurance results and risk posture to senior management and key stakeholders
Audit and Regulatory Support
• Act as a liaison for internal audits, external audits, regulatory examinations, and third-party assessments
• Coordinate audit responses, evidence collection, and issue tracking
• Support ongoing regulatory and risk management inquiries related to IAM controls
Qualifications
Education
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field
Certifications Preferred
• CISA
• CISSP
• CRISC
• CISM
Experience
• Three to seven years of experience in cybersecurity, IT risk management, internal audit, or compliance
• Demonstrated experience analyzing and contextualizing cybersecurity and IT risk data
• Strong understanding of cybersecurity frameworks and regulatory requirements
• Hands-on experience with control testing, audits, and GRC platforms
Skills and Competencies
• Strong analytical, documentation, and written communication skills
• Ability to translate technical cybersecurity risks into clear business language
• Working knowledge of IT architecture, systems, cloud platforms, and their security implications
• Ability to manage multiple priorities in a fast-paced environment with minimal supervision
Preferred Tools and Technologies
• GRC platforms such as Archer or ServiceNow GRC
• Risk and control frameworks including NIST
• Cloud and SaaS platforms such as AWS and Azure
Pay Transparency
The salary range for this position is $65,000-80,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on multiple factors, including but not limited to work location, relevant skills, and experience.
We offer competitive pay and a comprehensive benefits package, including medical, dental, and vision coverage, retirement benefits, maternity and paternity leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens’ paid time off policy exceeds the mandatory paid sick or paid time away requirements of local and state jurisdictions within the United States.
For an overview of benefits, please visit https://jobs.citizensbank.com/benefits
Equal Employment Opportunity
Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.