This position manages specific Governance, Risk, and Compliance (GRC) services within the Identity and Access Management (IAM) organization. Reporting to the Global Head, IAM Operations, the GRC Risk Manager is a cybersecurity leader who will own all aspects of Operations for the Identity Governance and Administration (IGA) and Privileged Access Management (PAM) competences for all First Citizens Bank (FCB) entities (CIT, Silicon Valley Bank, Boston Private, etc.). A deep, end-to-end knowledge of the IGA and PAM operational processes is a necessity for this role.
Develops and maintains the strategic mission of the IAM Identity Governance and PAM GRC functions. Assists in the development, implementation and monitoring of processes used in support of delivering GRC services throughout the bank. Helps establish and maintain influential relationships with IT management, regulators, internal audit, and business partners. Manages the people, process and technology supporting the IAM Governance Program, including IGA and PAM security compliance, vendor due diligence, and training and awareness efforts.
This role is remote eligible.
Responsibilities
IGA responsibilities include:
- Establishing and maintaining operational procedures for Joiners, Movers and Leavers as well as the certification (or user access review) process, in accordance with GRC IAM controls
- Ensuring proper scoping of user access reviews, ensuring comprehensive engagement with application and platform teams, as well as with the second and third lines of defense stakeholders
- Ensuring the completeness and accuracy of user access and entitlement data for all application certifications in adherence to regulatory requirements, standards, and policies
- Directing operational oversight over application integrations into the certification process and tooling
- Leading broad adoption of FCB's Role-Based Access Control (RBAC) program to newer entities
- Establishing operational processes for the Separation of Duties (SoD) program
- Expanding all IGA operational functions to decentralized platforms and applications
- Accountability to audit and compliance to evidence certification completeness and to provide operational walkthroughs and documentation
PAM responsibilities include:
- Establishing and maintaining operational procedures for human and non-human privileged account creation and use, in accordance with GRC IAM controls
- Enforcing GRC controls for PAM across centralized and decentralized platforms and applications
- Solutioning operational gaps and future enhancements for PAM-related procedures
- Maintaining and expanding end-point privileged access processes
- Enforcing privileged account threat protection in partnership with vulnerability management teams
General Responsibilities
- Business Strategy - Defines technology, process, standards, and procedures utilized by team. Builds strong partnerships with industry peers, government agencies, and risk management communities. Monitors industry for emerging techniques and technology applicable to Bank operations. Drives continuous improvement of program capabilities by designing and implementing new security products, services, and
- Program Oversight - Manages GRC capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Leads the development and reporting of security metrics and risk information to executive leadership. Coordinates security efforts and audits by both internal and external parties. Responsible for program budgets and
- Managerial Functions - Establishes and monitors expectations to achieve company and department goals. Makes appropriate changes to team policies, procedures, and efficiencies in order to meet objectives. Manages the performance, training, and evaluation of assigned staff. Maximizes department achievements by providing professional
- Training - Develops, implements, and manages the IT security awareness and training program. Develops internal training curriculum and builds security awareness. Ensures awareness of and compliance with all security policies and standards.
The base pay for this position is relative to your experience but the range is generally $123,143 to $213,447 per year.
Qualifications
Bachelor's Degree and 8 years of experience in Information Technology Security, Operations, Risk Management, or Audit OR High School Diploma or GED and 12 years of experience in Information Technology Security, Operations, Risk Management, or Audit
Skill(s):
- Ability to develop and implement information security strategies in large, complex,
- Effective at communicating audience-appropriate information to technical, management, and executive
- Proficiency in assessing risk and risk management
- Knowledge of IT policies, standards, and procedures frameworks as well as their development and
- Knowledge of standard risk management or control frameworks such as COBIT, ISO, and ITIL
- Knowledge of regulatory requirements and guidelines