OverviewThis position manages specific Governance, Risk, and Compliance (GRC) services within the Identity and Access Management (IAM) organization. Reporting to the Global Head, IAM Operations, the GRC Risk Manager is a cybersecurity leader who will own all aspects of Operations for the Identity Governance and Administration (IGA) and Privileged Access Management (PAM) competences for all First Citizens Bank (FCB) entities (CIT, Silicon Valley Bank, Boston Private, etc.). A deep, end-to-end knowledge of the IGA and PAM operational processes is a necessity for this role.Develops and maintains the strategic mission of the IAM Identity Governance and PAM GRC functions. Assists in the development, implementation and monitoring of processes used in support of delivering GRC services throughout the bank. Helps establish and maintain influential relationships with IT management, regulators, internal audit, and business partners. Manages the people, process and technology supporting the IAM Governance Program, including IGA and PAM security compliance, vendor due diligence, and training and awareness efforts.This role is remote eligible.ResponsibilitiesIGA responsibilities include:Establishing and maintaining operational procedures for Joiners, Movers and Leavers as well as the certification (or user access review) process, in accordance with GRC IAM controlsEnsuring proper scoping of user access reviews, ensuring comprehensive engagement with application and platform teams, as well as with the second and third lines of defense stakeholdersEnsuring the completeness and accuracy of user access and entitlement data for all application certifications in adherence to regulatory requirements, standards, and policiesDirecting operational oversight over application integrations into the certification process and toolingLeading broad adoption of FCBs Role-Based Access Control (RBAC) program to newer entitiesEstablishing operational processes for the Separation of Duties (SoD) programExpanding all IGA operational functions to decentralized platforms and applicationsAccountability to audit and compliance to evidence certification completeness and to provide operational walkthroughs and documentationPAM responsibilities include:Establishing and maintaining operational procedures for human and non-human privileged account creation and use, in accordance with GRC IAM controlsEnforcing GRC controls for PAM across centralized and centralized platforms and applicationsSolutioning operational gaps and future enhancements for PAM related proceduresMaintaining and expanding end-point privileged access processesEnforcing privileged account threat protection in partnership with vulnerability management teamsGeneral ResponsibilitiesBusiness Strategy – Defines technology, process, standards, and procedures utilized by team. Builds strong partnerships with industry peers, government agencies, and risk management communities. Monitors industry for emerging techniques and technology applicable to Bank operations. Drives continuous improvement of program capabilities by designing and implementing new security products, services, andProgram Oversight – Manages GRC capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Leads the development and reporting of security metrics and risk information to executive leadership. Coordinate security efforts and audits by both internal and external parties. Responsible for program budgets andManagerial Functions – Establishes and monitors expectations to achieve company and department goals. Makes appropriate changes to team policies, procedures, and efficiencies in order to meet objectives. Manages the performance, training, and evaluation of assigned staff. Maximizes department achievements by providing professionalTraining – Develops, implements, and manages the IT security awareness and training program. Develops internal training curriculum and builds security awareness. Ensures awareness of and compliance with all security policies and standards.The base pay for this position is relative to your experience but the range is generally$123,143 to $213,447 per year.QualificationsBachelor’s Degree and 8 years of experience in Information Technology Security, Operations, Risk Management, or Audit OR High School Diploma or GED and 12 years of experience in Information Technology Security, Operations, Risk Management, or AuditSkill(s): Ability to develop and implement information security strategies in large, complex, Effective at communicating audience-appropriate information to technical, management, and executive , Proficiency in assessing risk and risk management , Knowledge of IT policies, standards, and procedures frameworks as well as their development and , Knowledge of standard risk management or control frameworks such as COBIT, ISO, and ITIL, Knowledge of regulatory requirements and guidelines
