Associate Director - IAM Audit & Governance Management (Identity Access management)

Job Description

S&P Global Corporate

About the Role

The Team

Responsibilities and Impact:

• Lead compliance initiatives for critical frameworks including SOX, ITGC, SOC 1, SOC 2, ISO 27001, NIST 800-53, and NIST 800-171 to maintain enterprise security posture
• Drive audit finding remediation and closure tracking while collaborating with cross-functional teams including Vulnerability Management and Third-Party Risk Management
• Develop and implement automation strategies for audit evidence collection and reporting to enhance operational efficiency and audit readiness
• Manage comprehensive IAM governance across enterprise platforms including SailPoint IIQ, Okta, and CyberArk, ensuring optimal configuration and control effectiveness
• Oversee and audit Joiner, Mover, and Leaver (JML) processes to ensure proper access provisioning, modification, and deprovisioning throughout employee lifecycle management
• Collaborate with cross-functional teams to assess and enhance privileged access management (PAM) controls with in CyberArk environments
• Conduct regular reviews of role-based access control (RBAC) models and segregation of duties (SoD) policies to ensure appropriate access governance
• Provide subject matter expertise during regulatory examinations and external audits, ensuring comprehensive documentation and evidence preparation
• Develop and maintain IAM control documentation, including process flows, control narratives, and testing procedures for audit readiness
• Lead risk assessment activities related to identity and access management, identifying potential vulnerabilities and recommending mitigation strategies
• Lead access certification campaigns and reviews, ensuring timely completion and remediation of identified access risks across all IAM platforms
• Drive audit finding remediation and closure tracking while providing expert guidance on IAM governance best practices and control optimization strategies
• Lead access certification campaigns and reviews, ensuring timely completion and remediation of identified access risks across all IAM platforms

What We’re Looking For:

Basic Required Qualifications:

• Bachelor's degree in computer science, Information Security, Engineering, or equivalent technical experience
• 12+ years of experience in identity and access management & Audit with strong understanding of Audit frameworks.
• Proven experience on frameworks including SOX, ITGC, SOC 1, SOC 2, ISO 27001, NIST 800-53, and NIST 800-171
• Excellent communication skills and ability to collaborate effectively with cross-functional teams in a fast-paced environment
• Advanced certifications such as CISSP, CISM, CGEIT, or CISA demonstrating expertise in information security management, governance, and audit practices
• Experience leading cross-functional audit teams and managing stakeholder relationships across Internal Audit, Risk Management, and Compliance organizations
• Proven track record in audit finding remediation project management with demonstrated ability to drive closure of complex IAM-related findings within established timelines
• Strong background in enterprise identity governance platforms such as SailPoint IdentityIQ, Okta Workforce Identity, or CyberArk Privileged Access Management with hands-on configuration and administration experience
• Experience with automated compliance reporting and audit evidence collection tools, with ability to streamline audit processes and improve efficiency across multiple compliance frameworks

Additional Preferred Qualifications:

• Experience leading cross-functional audit teams and managing stakeholder relationships across Internal Audit, Risk Management, and Compliance organizations
• Proven track record in audit finding remediation project management with demonstrated ability to drive closure of complex IAM-related findings within established timelines