Identity & Access Security Lead; IAM​/PAM

Same platform, different brand. Your saved jobs and alerts as well as your log in details have moved with you.

What

Where

You are the person who ensures the right workforce has the right access to the right resources.

You own our Identity & Access Management (IAM), Privileged Access Management (PAM) and workforce security capabilities. You will drive an identity-first, Zero Trust model across on-prem, cloud and SaaS environments, and lead major IAM/PAM uplift projects that are central to our cyber-resilience and CSA Cyber Trust Mark ambitions.

This role reports to the Lead, Cyber Defence & Resilience and is a critical counterpart to our Cyber Fusion, Exposure & Vulnerability Management and Digital Trust teams.

Scope of the role

In this role, you will be responsible for the strategy, architecture, implementation and ongoing effectiveness of identity and workforce security across:

Identities & Accounts - Employees, contractors, vendors, service accounts and application identities across multiple directories and HR systems

Access Control - Role-based access (RBAC), attribute-based access (ABAC), segregation of duties (SoD), and entitlements for business and privileged users

IAM Platforms - Enterprise IAM solutions (e.g. SailPoint, Saviynt, Oracle IAM, Azure AD / Entra , Okta or similar) covering identity lifecycle, SSO and federation

PAM Platforms - Cyber Ark or equivalent vaulting and session-monitoring solutions for privileged and sensitive accounts

Processes & Governance - Joiner-mover-leaver (JML), recertification, access reviews, break-glass processes and exception handling

Zero Trust & Workforce Security - MFA, adaptive authentication, conditional access, device and contextual signals that underpin an identity-centric security model

You will work closely with:

HR, IT Operations, Application Owners, Cloud Engineering and Enterprise Architecture

Cyber Fusion / SOC (for identity-related monitoring & response) and Exposure & Vulnerability Management

Internal Audit, Risk & Compliance and external regulators in demonstrating effective access governance

Responsibilities

Define and maintain the Workforce & Identity Security strategy and roadmap, aligned with Cyber Defence & Resilience, Zero Trust and CSA Cyber Trust Mark requirements

Design the target operating model for IAM & PAM: roles and responsibilities, RACI, processes, tooling and integration patterns

Translate business and regulatory requirements into clear identity control objectives and practical implementation plans

Architecture, Design & Technology Ownership

Own the end-to-end IAM & PAM architecture, including directories, identity stores, SSO, federation, MFA, just-in-time provisioning and password-less / adaptive authentication

Set architectural standards for integration of applications and systems into IAM/PAM platforms (e.g. connectors, APIs, SCIM, SAML/OIDC/OAuth, RADIUS)

Lead design and deployment of role and attribute models (RBAC/ABAC) that support least privilege while remaining maintainable and understandable

Ensure IAM/PAM designs support hybrid and multi-cloud environments, remote work, and third-party access scenarios

Delivery of IAM/PAM & Zero Trust Programmes

Lead multi-year IAM/PAM and identity-first security uplift programmes, including re-platforming or major expansion of IAM and PAM solutions

Manage full lifecycle of these programmes: requirements, design, build, test, migration, stabilisation and handover to BAU, using Agile or hybrid methodologies

Coordinate cross-functional squads (security engineers, IAM developers, infra/AD teams, application owners, HR and business stakeholders) to deliver on time and within budget

Drive application onboarding at scale, including bulk integrations of business systems and cloud apps to SSO, MFA and PAM platforms

Governance, Operations & Continuous Improvement

Own and continuously improve JML, access request/approval, recertification and SoD processes, ensuring efficiency and strong control

Oversee access governance reporting and dashboards - who has access to what, where risk hotspots exist, and progress against remediation

Define and monitor KPIs/KRIs (e.g. orphan accounts, dormant privileged accounts, recertification completion, policy violations, number of manual exceptions)

Ensure operating procedures, runbooks, and playbooks are in place for identity lifecycle, privileged account management and emergency access

Serve as the senior escalation point for identity-related incidents, including compromised credentials, abuse of privilege or IAM/PAM platform outages

Coordinate with the SOC and other teams to detect and respond to credential theft, lateral movement and anomalous access behaviour

Provide detailed evidence and explanations for internal and external audits, red-team exercises, and regulatory inspections focused on access governance

Regularly validate that IAM/PAM controls meet or exceed expectations in NIST, ISO 27001 and Cyber Trust Mark control sets

Leadership & Stakeholder…