Overview
We are looking for a dynamic and influential Lead, Security Controls Specialist to lead our Cybersecurity Governance & Audit function with a solid focus on Identity and Access Management (IAM). This is a high-impact role at the intersection of cybersecurity, compliance, and identity governance, ideal for a seasoned professional who thrives in complex, regulated environments.
You will be responsible for shaping and maturing our cybersecurity governance framework, leading external audit and regulatory engagements, and serving as a trusted advisor to both internal and external stakeholders. You will play a critical role in articulating our IAM architecture and control posture to clients, auditors, and regulators, ensuring transparency, assurance, and continuous improvement.
The ideal candidate brings deep expertise in IAM governance, Privileged Access Management (PAM), and Identity Governance and Administration (IGA), along with the confidence to challenge evidence, defend control design, and drive audit readiness across the enterprise.
Key Responsibilities
* Governance & Compliance
o Lead the development, implementation, and continuous improvement of cybersecurity governance frameworks, policies, and standards.
o Ensure alignment with regulatory requirements (e.g., ISO 27001, NIST, GDPR, SOX).
o Drive policy adoption and compliance across business units and technology teams.
* Audit Management
o Own the end-to-end process for external cybersecurity and identity-related audits, including planning, coordination, evidence collection, and response to observations.
o Act as the main point of contact for external auditors, regulators, and third-party assurance teams.
o Support client audits and due diligence activities by articulating the organisation’s IAM architecture, controls, and operational processes.
o Review and challenge audit evidence to ensure accuracy, completeness, and relevance.
o Track and manage audit findings, ensuring timely remediation and closure.
o Collaborate with internal teams to ensure audit readiness and continuous improvement of control environments.
* IAM Governance
o Lead the strategic development and continuous improvement of IAM governance frameworks, ensuring alignment with enterprise security architecture and zero trust principles.
o Define and enforce policies for identity lifecycle management, access provisioning/deprovisioning, and role engineering across hybrid environments (cloud/on-prem).
o Oversee technical governance of PAM and IGA platforms, including integration with SIEM, ITSM, and HR systems.
o Drive automation and analytics in IAM processes to improve efficiency, reduce risk, and support audit readiness.
o Collaborate with IAM engineering and operations teams to ensure secure implementation of access controls, including API-level enforcement and dynamic access policies.
o Establish and monitor IAM governance KPIs (e.g., access review completion rates, orphaned accounts, SoD violations) and report to senior leadership.
* Risk & Controls
o Oversee the design and effectiveness of cybersecurity controls across the organisation.
o Conduct control assessments and gap analyses to identify areas of improvement.
o Collaborate with internal teams to define and implement risk mitigation strategies.
* Stakeholder Engagement
o Build strong relationships with internal and external stakeholders, including IT, Legal, Risk, Business Units, clients, auditors, and regulators.
o Represent the IAM function in external forums, including regulatory reviews, client assurance meetings, and third-party risk assessments.
o Provide clear, concise, and actionable reporting to senior leadership and governance committees.
o Educate and influence stakeholders on cybersecurity governance, IAM architecture, and audit readiness.
Required Skills & Experience
* Proven experience (7+ years) in cybersecurity governance, risk, and audit within a complex enterprise environment.
* Strong understanding of audit methodologies and regulatory frameworks (ISO 27001, NIST).
* Deep technical understanding of IAM architecture, protocols (SAML, OAuth, OpenID Connect), and directory services (LDAP, AD, Azure AD).
* Experience designing and implementing scalable IAM solutions in complex, multi-cloud environments.
* Familiarity with identity threat detection and response capabilities.
* Proven ability to translate business requirements into secure and compliant IAM solutions.
* Demonstrated ability to manage external audits and confidently engage with auditors.
* Experience reviewing and challenging technical and procedural evidence.
* Strong knowledge of IAM principles and governance.
* Hands-on experience with PAM solutions (BeyondTrust/CyberArk) and IGA platforms (e.g., SailPoint).
* Excellent communication and stakeholder management skills.
* Strong analytical and problem-solving capabilities.
* Relevant certifications (e.g., CISA, CISM, CRISC, CISSP) preferred.
Desirable Attributes
* Strategic thinker with a pragmatic approach to governance and compliance.
* Ability to influence and drive change across diverse teams.
* Comfortable working in high-pressure environments with tight deadlines.
* Experience in regulated industries (e.g., financial services, healthcare, utilities) is a plus.
What We Offer
* Competitive salary and benefits package.
* Opportunity to shape and lead cybersecurity governance in a dynamic organisation.
* Collaborative and inclusive work environment.
* Professional development and certification support.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other, Information Technology, and Management
Industries: IT Services and IT Consulting and Financial Services
We are an equal opportunities employer. This means that we do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
Please take a moment to read this privacy notice carefully, as it describes what personal information a prospective candidate may be asked to provide, how it is used, and how to contact us.