Assistant Lead, Workforce & Identity Security

Purpose of the role

You are the person who ensures the right workforce has the right access to the right resources.

You own our Identity & Access Management (IAM), Privileged Access Management (PAM) and workforce security capabilities. You will drive an identity-first, Zero Trust model across on-prem, cloud and SaaS environments, and lead major IAM/PAM uplift projects that are central to our cyber-resilience and CSA Cyber Trust Mark ambitions.

This role reports to the Lead, Cyber Defence & Resilience and is a critical counterpart to our Cyber Fusion, Exposure & Vulnerability Management and Digital Trust teams.

• Identities & Accounts - Employees, contractors, vendors, service accounts and application identities across multiple directories and HR systems
• Access Control - Role-based access (RBAC), attribute-based access (ABAC), segregation of duties (SoD), and entitlements for business and privileged users
• IAM Platforms - Enterprise IAM solutions (e.g. SailPoint, Saviynt, Oracle IAM, Azure AD / Entra , Okta or similar) covering identity lifecycle, SSO and federation
• PAM Platforms - Cyber Ark or equivalent vaulting and session-monitoring solutions for privileged and sensitive accounts
• Processes & Governance - Joiner-mover-leaver (JML), recertification, access reviews, break-glass processes and exception handling
• Zero Trust & Workforce Security - MFA, adaptive authentication, conditional access, device and contextual signals that underpin an identity-centric security model

• HR, IT Operations, Application Owners, Cloud Engineering and Enterprise Architecture
• Cyber Fusion / SOC (for identity-related monitoring & response) and Exposure & Vulnerability Management
• Internal Audit, Risk & Compliance and external regulators in demonstrating effective access governance

• Define and maintain the Workforce & Identity Security strategy and roadmap, aligned with Cyber Defence & Resilience, Zero Trust and CSA Cyber Trust Mark requirements
• Design the target operating model for IAM & PAM: roles and responsibilities, RACI, processes, tooling and integration patterns
• Translate business and regulatory requirements into clear identity control objectives and practical implementation plans

• Own the end-to-end IAM & PAM architecture, including directories, identity stores, SSO, federation, MFA, just-in-time provisioning and password-less / adaptive authentication
• Set architectural standards for integration of applications and systems into IAM/PAM platforms (e.g. connectors, APIs, SCIM, SAML/OIDC/OAuth, RADIUS)
• Lead design and deployment of role and attribute models (RBAC/ABAC) that support least privilege while remaining maintainable and understandable
• Ensure IAM/PAM designs support hybrid and multi-cloud environments, remote work, and third-party access scenarios

• Lead multi-year IAM/PAM and identity-first security uplift programmes, including re-platforming or major expansion of IAM and PAM solutions
• Manage full lifecycle of these programmes: requirements, design, build, test, migration, stabilisation and handover to BAU, using Agile or hybrid methodologies
• Coordinate cross-functional squads (security engineers, IAM developers, infra/AD teams, application owners, HR and business stakeholders) to deliver on time and within budget
• Drive application onboarding at scale, including bulk integrations of business systems and cloud apps to SSO, MFA and PAM platforms

• Own and continuously improve JML, access request/approval, recertification and SoD processes, ensuring efficiency and strong control
• Oversee access governance reporting and dashboards - who has access to what, where risk hotspots exist, and progress against remediation
• Define and monitor KPIs/KRIs (e.g. orphan accounts, dormant privileged accounts, recertification completion, policy violations, number of manual exceptions)
• Ensure operating procedures, runbooks, and playbooks are in place for identity lifecycle, privileged account management and emergency access

• Serve as the senior escalation point for identity-related incidents, including compromised credentials, abuse of privilege or IAM/PAM platform outages
• Coordinate with the SOC and other teams to detect and respond to credential theft, lateral movement and anomalous access behaviour
• Provide detailed evidence and explanations for internal and external audits, red-team exercises, and regulatory inspections focused on access governance
• Regularly validate that IAM/PAM controls meet or exceed expectations in NIST, ISO 27001 and Cyber Trust Mark control sets

• Act as a trusted advisor to senior business and technology leaders on identity, workforce and privileged access risks, presenting trade-offs in business language
• Drive user-centric change management to improve security…