Head of Access Governance

This position involves driving enterprise-wide strategy, design, implementation, and governance of authorisation policies, capabilities, and controls to safeguard access to critical systems, applications, and data. The role requires a technically experienced and strategically minded leader to mature our Zero Trust and least privilege posture by partnering with technology and business stakeholders to embed strong access governance across the organisation.

The successful candidate will be responsible for:

• Leading the end-to-end strategy and execution of the IAM Authorisation Security function, with a strong emphasis on access policy enforcement, privilege elevation, and role-based access control (RBAC).
• Operationalising authorisation security frameworks aligned with Zero Trust principles, ensuring scalable and consistent policy enforcement across hybrid and multi-cloud environments.
• Overseeing the design, implementation, and continuous improvement of fine-grained access controls, including ABAC (Attribute-Based Access Control), PBAC (Policy-Based Access Control), and JIT (Just in Time) access.

To achieve this, you will lead a team to design and operate products and workflows with user experience and service excellence in mind. You will also execute centralised controls and maintain oversight of decentralised controls across authorization security, and access governance.

You will own, execute and operate centralised controls for all IAM Authorisation Security Global Process Owner (GPO) responsibilities. You will also own the oversight and providing control effectiveness SME recommendations on solutions of decentralised controls for all IAM Authorisation Security Global Process Owner (GPO) responsibilities.

In addition, you will define and continuously improve end-to-end processes for:

• Access governance and lifecycle management
• Privileged Identities lifecycle management
• Standardise authorisation security onboarding playbooks across cloud, on-prem, and hybrid workloads.
• Implement ABAC (Attribute-Based Access Control), PBAC (Policy-Based Access Control), and JIT access
• Build reusable workflow templates and automation libraries for provisioning, deprovisioning, access requests, and recertifications into pipelines or workloads.
• Partner with Cyber Ops to define and operationalise incident management processes for authorisation bypass, or privileged escalation events
• Establish clear RACI models and documentation for authorisation security ownership, ensuring accountability across technology domains.

This position also involves managing requirements and SLAs across senior technology leaders, business leaders, auditors, and risk functions to align IAM strategies with enterprise risk appetite. You will translate complex IAM concepts into business-friendly language for non-technical stakeholders.

You will also collaborate across multiple domains – IT infrastructure, cloud, enterprise architecture, application teams, and compliance to deliver. You will provide strong project and delivery leadership, with ability to prioritise and deliver IAM initiatives in alignment with cybersecurity roadmap and regulatory timelines.

Furthermore, you will lead, mentor, and grow a team of IAM security product owners and engineers, fostering a culture of technical excellence and continuous improvement. You will foster a collaborative and high-performance team culture.

Your key stakeholders include Group CISO, TTO Group CISO MT, CIO, Technology & Architecture, TTO CIA TSA, CCO, TTO & Global Head Group Transformation, TTO COO, Global Head, IAM, TTO Group CISO MT, Global Head, Cyber Security Services, TTO Group CISO MT, Global Head, Group Threat Management, TTO Group CISO MT, CISO, WRB & Markets, TTO Group CISO MT, CISO, CIB, Core Technology & Functions, TTO Group CISO MT, Global Head, ICS Risk & Governance, Global Head Cyber Operations, TTO Group CISO MT, Global Head Audit, GSF Internal Audit, and Key Business Stakeholders including: All Business and Function COOs.

Firm leadership, team-building, and cross-functional communication skills are essential for success in this role. Experience operating in large, complex, and regulated environments is highly desirable.

We are seeking a candidate with 10+ years of experience in cybersecurity, at least 5+ years leading IAM functions. Expertise in Access Governance, Identity Provider and Privileged Identity Access Management solutions is required. In-depth understanding of RBAC, ABAC, SoD, Just-In-Time (JIT) access, and policy enforcement points (PEPs) is necessary. Certifications such as CISSP, CCSP, CISM, GIAC GDSA, or equivalent are highly valued.

This role requires strong vendor management skills, expertise in information security policy and strategy, change management, management of front-line risk, and strategy and business model.

About Us

We are an international bank, committed to making a positive difference for our clients, communities, and each other. We value diversity and advocate inclusion. Our purpose is to drive commerce and prosperity through our unique diversity. Our brand promise is to be here for good.