Identity & Access Management; IAM Governance Executive

Job Summary

Senior Vice President, Executive of Identity & Access Management (IAM) Governance – Global Information Security (GIS). This role is the enterprise authority for identity governance strategy, policy, and risk management across Bank of America.

The role defines and drives IAM governance vision across the bank, ensuring identity controls, technologies, and processes align with globally recognized frameworks, regulatory expectations, and the bank’s strategic objectives. The leader oversees enterprise‑wide IAM governance, including policy, standards, lifecycle controls, access certifications, privileged access governance, authentication, and identity risk metrics.

• Expertise in IAM Governance & Control Framework
  • Deep command of identity standards and regulatory expectations including NIST 800‑63‑4 (digital identity assurance), NIST 800‑53 AC/IA controls, and ISO 27001 Annex A 5.16 identity lifecycle requirements.
  • Ability to translate these frameworks into enterprise policy, standards, and measurable control objectives.
  • Participate in industry forums and represent the bank as needed, to ensure evolution of IAM governance in alignment with peer banks.
• Identity Technologies & Architecture Mastery
  • Extensive experience with enterprise IGA platforms (e.g., SailPoint, Saviynt), federation/SSO/MFA (OIDC, SAML), directory services, and privileged access technologies, consistent with senior‑level role expectations.
• Privileged Access & Zero Standing Privilege (ZSP)
  • Strong understanding of Just‑in‑Time (JIT) privileged access models and risk‑based reduction of standing admin privileges aligned with modern PAM best practices.
• Regulatory & Audit Alignment for Financial Services
  • Ability to interpret, operationalize, and evidence compliance with FFIEC Authentication & Access Guidance and global regulatory expectations for layered security, MFA, and monitoring expectations.
• Executive Communication & Governance Leadership
  • Exceptional ability to articulate technical identity risks, residual exposure, and compliance posture to senior business leaders, regulators, Internal Audit, Compliance, and Operational Risk.
• Enterprise Metrics & Identity Risk Insight
  • Skilled in designing and governing IAM KRIs/KPIs (e.g., certification quality, toxic entitlement reduction, IGA onboarding velocity, JIT/ZSP adoption).
• Cross‑Functional Influence & Three‑Lines‑of‑Defense Partnership
  • Ability to influence technology executives, CIO organizations, BISOs, and control partners to drive identity risk reduction and consistent taxonomy and control adoption.

• 10+ years of leadership experience in IAM, information security governance, risk management, or related executive technology functions within large‑scale, regulated enterprises.
• Proven experience leading large global teams, managing executive governance forums, and directing complex IAM transformation initiatives.
• Demonstrated success overseeing and continually improving IGA, federation, privileged access, secrets management, and identity lifecycle modernization programs across hybrid environments.
• Experience preparing for and responding to regulatory exams and internal/external audits, ensuring alignment to FFIEC requirements and NIST/ISO frameworks.
• Track record driving adoption of modern authentication and identity proofing approaches aligned with NIST SP 800‑63‑4.
• Ability to reduce privileged access risk through JIT/ZSP and PAM modernization initiatives in alignment with IAM policy requirements.
• Professional certifications preferred: CISSP, CISM, CISA, CGEIT, and IAM platform‑specific certifications.

Shift: 1st shift (United States of America). Hours per week: 40.

Pay range: USD 240, annualized salary, plus discretionary incentive eligibility. Employees are eligible for an annual discretionary award based on overall individual performance.

Benefits:
The role is benefit eligible. It includes industry‑leading benefits, access to paid time off, and resources and support for holistic well‑being.