IAM Cloud Engineer

The Senior IAM Cloud Governance Lead is responsible for defining, implementing, and overseeing the enterprise governance model for cloud-based identities, privileged access, and non-human identities (service accounts). This role provides technical Collaboration with Service Account Governance, and Human Privileged Access Management (HPAM), ensuring alignment with security policy, regulatory obligations, and audit expectations across hybrid and multi-cloud environments.

The role acts as a governance authority and escalation point, partnering closely with IAM engineering, cloud platform teams, risk management, audit, and application owners., * Lead the governance framework for cloud identity and access across IaaS, PaaS, and SaaS platforms, including design standards, control requirements, and lifecycle oversight.

• Establish and maintain enterprise guardrails for cloud IAM constructs (roles, permissions, entitlements, conditional access, federation).
• Ensure consistent enforcement of least-privilege and separation-of-duties principles across cloud workloads.

Service Account / Non-Human Identity (NHI) Governance

• Own governance strategy for service accounts and non-human identities, including inventory completeness, ownership attribution, credential lifecycle, and risk classification.
• Define certification, recertification, and exception handling processes for NHIs in alignment with audit and compliance requirements.
• Partner with platform and application teams to remediate unmanaged or high-risk service accounts.

Privileged Access & HPAM Oversight

• Provide governance leadership over privileged access patterns for cloud and hybrid systems, including just-in-time access, break-glass processes, and session oversight.
• Ensure HPAM controls are consistently applied and measurable across cloud and on-prem systems, supporting regulatory and internal risk assessments.

Risk, Audit, and Compliance Enablement

• Translate regulatory, audit, and risk requirements into actionable IAM governance controls and measurable evidence.
• Support internal and external audits by providing policy documentation, process flows, certification results, and exception rationale.
• Act as IAM governance SME for second-line risk and control partners.

Leadership & Strategic Enablement

• Serve as senior escalation point and decision authority for IAM cloud governance issues and design exceptions.
• Influence IAM strategy, roadmap prioritization, and operating model improvements.
• Mentor analysts and senior practitioners within IAM governance and compliance functions.

• Deep experience in Identity & Access Management (IAM) within large enterprise environments.
• Hands-on knowledge of cloud IAM models, including human and non-human identities.
• Strong understanding of governance, risk, and control design, including audit evidence expectations.
• Experience governing privileged access models and service account lifecycles.
• Proven ability to translate policy and regulatory requirements into operational controls., * Experience supporting regulated environments (financial services, SOX-relevant systems).
• Familiarity with ServiceNow or similar platforms for inventory, workflow, and reporting.
• Professional security or audit certifications (e.g., CISA, CISSP) preferred but not required.
• Demonstrated leadership in cross-functional, matrixed organizations.
• Awareness of Google Gemini Enterprise

Core Skills and Competencies

• Cloud IAM governance and entitlement modeling (Google and Azure)
• Service account / non-human identity governance
• Privileged access oversight (HPAM) (CyberArk)
• Risk assessment and control design
• Audit and evidence management, Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

This position is eligible to earn a base salary in the range of $80,000.00 - $150,000.00 annually. Placement within the pay range may differ based upon various factors, including but not limited to skills, experience and geographic location. Compensation for this role also includes eligibility for incentive compensation which may include production, commission, and/or discretionary incentives.