Cyber Security Risk Management Lead – IAM & Insider Threat

We are seeking an experienced and strategic Cyber Security Risk Management Lead specializing in Identity and Access Management (IAM) and Insider Threat. This role is crucial in protecting our enterprise’s digital assets by managing the full lifecycle of technology risks within these critical domains. Reporting directly to the Associate Director of Security Risk, you will serve as the primary risk advisor, collaborating closely with domain leaders, senior technical teams, and compliance stakeholders to reinforce our security posture.

• Lead end-to-end management of risk identification, assessment, and monitoring within the IAM and Insider Threat landscape.
• Drive comprehensive risk assessments, issue identification, and remediation planning to mitigate vulnerabilities proactively.
• Partner with subject matter experts and business units to analyze risk data, diagnose root causes, and develop effective mitigation strategies.
• Oversee controls testing in collaboration with offshore teams, ensuring the effectiveness of risk controls and proper escalation practices.
• Act as the trusted advisor for domain leaders, cultivating strong relationships and facilitating alignment on risk strategies and process improvements.
• Champion the integration and refinement of risk management practices, including influencing operating model enhancements and adopting best practices.
• Utilize tools like Service Now and Excel for detailed risk data analysis, workflow management, and reporting to senior stakeholders.

• Extensive experience in technology risk management within financial services or large enterprise environments.
• Demonstrated expertise in IAM and Insider Threat management, including vulnerability identification, risk assessment, and remediation.
• Strong understanding of AI-specific threat vectors such as adversarial attacks, model theft, and data poisoning, with practical mitigation experience.
• Deep knowledge of cybersecurity controls, information security policies, and frameworks (ISO, COSO, COBIT, NIST), with awareness of compliance and regulatory mandates.
• Proven ability to analyze complex technical data, synthesize findings, and communicate effectively with senior leadership.
• Familiarity with security domains including vulnerability management, application security, network security, and cloud infrastructure.
• Proficiency with risk management tools, particularly Service Now and Excel, with experience using GRC platforms a plus.

• Experience in controls testing, internal/external audits, or governance, risk, and compliance (GRC) platforms.
• Strong understanding of relevant regulatory, legal, and compliance frameworks applicable to technology security.
• Previous consulting experience or success operating within a matrixed, cross-functional environment.

$70.00 – $75.00 USD Hourly