IAM Governance Analyst

Description

IAM Governance Analyst

Department

Identity and Access Management Governance

Role Summary

The Cybersecurity Control Assurance and Governance Analyst supports the design, oversight, and effectiveness of the bank’s Identity and Access Management governance framework. This role blends IAM domain expertise with strong data analytics capabilities to evaluate control effectiveness, enhance risk visibility, and ensure alignment with regulatory requirements and internal standards. The role focuses on governance execution, control assurance, and translating complex cybersecurity data into meaningful insights for business and risk stakeholders.

Key Responsibilities

IAM Governance

• Support the development and maintenance of IAM minimum requirements, standards, procedures, and guidelines
• Ensure IAM governance practices align with business objectives, risk appetite, and regulatory expectations
• Participate in policy exception management and control waiver processes
• Partner with business lines, risk management, compliance, and internal audit to drive consistent and effective governance
• Maintain IAM risk and control libraries within GRC platforms such as Archer
  
  

Data Analytics and Reporting

• Ingest, analyze, and interpret large volumes of cybersecurity and IT risk data from multiple sources such as GRC tools, Sphere, and audit logs
• Transform raw data through ETL processes into actionable insights, dashboards, and scorecards for business and risk stakeholders
• Develop and maintain control effectiveness metrics, key risk indicators, and operational risk reporting
• Identify trends, anomalies, and risk signals using data visualization and analytics tools such as Tableau
• Partner with data engineering teams to ensure accuracy, quality, and availability of security related datasets
  
  

Control Assurance

• Conduct risk based assessments and control testing for identity and access management processes across the enterprise
• Validate both design and operating effectiveness of technical and administrative security controls
• Develop control testing procedures aligned to NIST and internal control methodologies
• Track control deficiencies, remediation activities, and outcomes
• Communicate control assurance results and risk posture to senior management and key stakeholders
  
  

Audit and Regulatory Support

• Act as a liaison for internal audits, external audits, regulatory examinations, and third party assessments
• Coordinate audit responses, evidence collection, and issue tracking
• Support ongoing regulatory and risk management inquiries related to IAM controls
  
  

Qualifications

Education

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field
  
  

Certifications Preferred

• CISA
• CISSP
• CRISC
• CISM
  
  

Experience

• Three to seven years of experience in cybersecurity, IT risk management, internal audit, or compliance
• Demonstrated experience analyzing and contextualizing cybersecurity and IT risk data
• Strong understanding of cybersecurity frameworks and regulatory requirements
• Hands on experience with control testing, audits, and GRC platforms
  
  

Skills And Competencies

• Strong analytical, documentation, and written communication skills
• Ability to translate technical cybersecurity risks into clear business language
• Working knowledge of IT architecture, systems, cloud platforms, and their security implications
• Ability to manage multiple priorities in a fast paced environment with minimal supervision
  
  

Preferred Tools And Technologies

• GRC platforms such as Archer or ServiceNow GRC
• Risk and control frameworks including NIST
• Cloud and SaaS platforms such as AWS and Azure
  
  

Pay Transparency

The salary range for this position is $65,000-80,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on multiple factors, including but not limited to work location, relevant skills, and experience.

We offer competitive pay and a comprehensive benefits package, including medical, dental, and vision coverage, retirement benefits, maternity and paternity leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens’ paid time off policy exceeds the mandatory paid sick or paid time away requirements of local and state jurisdictions within the United States.

For An Overview Of Benefits, Please Visit

https://jobs.citizensbank.com/benefits

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Why Work for Us

At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth