AVP Identity & Access Management

CardWorks • Full-time • Woodbury, NY, US • $162.41k - $180.45k / year • 2h ago

Position Summary:

The AVP of Identity and Access Management (IAM/PAM/RBAC) is responsible for the operational execution and day-to-day management of the organization’s Identity and Access Management program. Reporting to the VP of Identity and Access, this role ensures IAM strategy is translated into effective, secure, and scalable operational practices across the enterprise.

The AVP will serve as a hands-on technical and operational leader, partnering closely with application teams, infrastructure teams, and business stakeholders to ensure access controls are implemented consistently and in accordance with least-privilege, regulatory requirements, and organizational risk tolerance. This role requires deep technical expertise, strong execution discipline, and the ability to manage teams and complex initiatives in a regulated financial services environment.

Essential Functions:

IAM Control Operations & Execution Leadership

Expectation: Provide strategic and operational leadership for IAM detective control execution, ensuring consistent, high-quality control performance across teams, platforms, and business units.

Establish and oversee execution standards for enterprise IAM detective controls, including access certifications, role and entitlement reviews, authentication configuration assessments, access monitoring, and exception management.

Ensure IAM detective controls are not only operating effectively, but are designed to scale, adapt to risk, and evolve with changes in business processes, systems, and regulatory requirements.

Direct the prioritization, investigation, escalation, and remediation of access issues identified through detective controls, ensuring timely resolution and clear ownership across engineering, operations, and application teams.

Maintain executive accountability for control outcomes by tracking issues, themes, and remediation progress through closure, validating risk reduction and sustainable improvements.

IAM Security Monitoring & Incident Leadership

Expectation: Lead IAM security monitoring and incident support capabilities, ensuring readiness, consistency, and effective decision making during access related security events.

Align with VP and set expectations and direction for teams responsible for IAM and PAM logging, alerting, monitoring, and certification evidence, ensuring alignment with broader security operations practices.

Ensure IAM and PAM activity is consistently monitored for anomalous behavior, unauthorized access, excessive privilege usage, and indicators of compromise, with clear escalation paths and response playbooks.

Provide day to day leadership oversight during identity related security incidents, investigations, and penetration testing activities, ensuring effective coordination between IAM, SOC, incident response, and engineering teams.

Ensure IAM and PAM data is leveraged effectively to support investigations, forensic analysis, audits, and regulatory inquiries, with a focus on accuracy, timeliness, and completeness.

IAM Process Maturity, Automation & Capability Development

Expectation: Drive maturation of IAM control processes and capabilities through automation, standardization, and scalable operating models.

Align with VP and set expectations and direction and priorities for automating IAM detective control execution, reporting, and evidence collection, balancing risk reduction with operational efficiency.

Ensure teams actively identify and remediate manual, brittle, or spreadsheet driven processes, replacing them with sustainable workflows and platform based capabilities.

Partner with IAM engineering and platform leadership to improve identity data quality, entitlement clarity, metadata completeness, and overall tooling reliability.

Establish continuous improvement practices using metrics, root cause analysis, audit feedback, and post incident reviews to evolve IAM control effectiveness over time.

Audit Readiness, Risk Ownership & Regulatory Engagement

Expectation: Own audit readiness and risk outcomes for IAM detective controls, ensuring sustained compliance and defensible control posture.

Ensure IAM detective control operations consistently meet regulatory, policy, and enterprise risk management expectations (e.g., SOX, PCI, SOC1, SOC2, FFIEC).

Direct audit preparation activities across teams, including evidence delivery, control walkthroughs, documentation quality, and responsiveness to auditor inquiries.

Accountable for timely and effective remediation of audit findings related to IAM detective controls, ensuring root causes are addressed—not just symptoms.

Serve as a senior IAM risk partner to compliance, audit, and risk management teams, proactively identifying control gaps and driving corrective action plans.

Organizational Leadership, Stakeholder Engagement & Reporting

Expectation: Lead IAM detective control operations as an enterprise capability, aligning people, process, and technology to organizational risk and security objectives.

Provide leadership and direction to managers and engineers responsible for IAM control execution, monitoring, and reporting, ensuring clear accountability and performance expectations.

Act as the primary operational liaison between IAM, security operations, engineering, application teams, and risk stakeholders for detective control matters.

Deliver clear, concise, and actionable reporting on control performance, risk trends, systemic issues, and improvement initiatives to the VP of Identity and Access and senior stakeholders.

Represent IAM operations in governance forums, risk committees, and security leadership discussions, providing operational insight and informed recommendations.

Education and Experience

Bachelor’s degree in information security, Computer Science, or a related discipline, or equivalent practical experience.

Experience operating and supporting enterprise IAM and PAM environments in a regulated organization.

Experience leading or supervising cybersecurity or IAM-focused teams.

Experience partnering with application and infrastructure teams to remediate access risks and implement controls.

A minimum of 8 years of experience in Identity and Access Management or related cybersecurity roles.

Hands-on experience with IAM and PAM tools such as SailPoint, Microsoft PIM, Azure AD/Entra ID, Purview, and Delinea (or similar platforms).

Working knowledge of scripting or automation technologies (e.g., PowerShell, Python) preferred.

Industry certifications such as CISSP, CISM, Security+, or IAM-specific certifications are desirable.

Working knowledge of regulatory and control frameworks such as SOX, SOC1, SOC2, or similar security and compliance standards.

Summary of Qualifications

Strong technical understanding of IAM, RBAC, and PAM concepts with the ability to apply them in real-world environments.

Demonstrated ability to execute complex initiatives and manage competing operational priorities.

Clear and effective communicator, capable of engaging both technical teams and non-technical stakeholders.

Detail-oriented with strong analytical and problem-solving skills.

Proven experience supporting audits and regulatory reviews within financial services or similarly regulated industries.

Ability to lead teams through operational stress related to access outages, incidents, and audit findings.

Experience working closely with senior leadership to implement security strategy at scale.

Ideally, the qualified candidate will work at the following location(s): Woodbury, NY; Pittsburgh, PA. A hybrid work model or fully remote model can be considered based on hiring manager decision and priorities of the role.

The salary range for this position, if located in NY Metro/NY State is $162,406 to $180, 452. However, please note that the salary range will vary for other geographic areas.

#INDHP

Our Employee Value Proposition

Competitive Pay, including a Bonus Target or Variable Pay Incentive Program
Benefits Package -Medical, Dental, and Vision (plus much more)
401(k) Plan with Company Match
Short- & Long-Term Disability
Wellness Programs
Group Life and AD&D Insurance
Paid Vacation, Sick Days and bank Holidays
Employee Engagement Activities including Employee Appreciation Day, DEI Employee Resource Groups, Corporate Social Responsibility, Service Recognition

We offer a total rewards package comprised of a competitive base rate of pay, variable pay incentive programs based on the role, and a comprehensive benefit suite.  Offered rates of pay are determined based on job-related knowledge, relevant experience, skills, certifications, and geographic location.