IAM Cloud Engineer

Location:

The Senior IAM Cloud Governance Lead is responsible for defining, implementing, and overseeing the enterprise governance model for cloud-based identities, privileged access, and nonhuman identities (service accounts). This role provides technical Collaboration with Service Account Governance, and Human Privileged Access Management (HPAM), ensuring alignment with security policy, regulatory obligations, and audit expectations across hybrid and multicloud environments.

The role acts as a governance authority and escalation point, partnering closely with IAM engineering, cloud platform teams, risk management, audit, and application owners.

• Lead the governance framework for cloud identity and access across IaaS, PaaS, and SaaS platforms, including design standards, control requirements, and lifecycle oversight.
• Establish and maintain enterprise guardrails for cloud IAM constructs (roles, permissions, entitlements, conditional access, federation).
• Ensure consistent enforcement of leastprivilege and separationofduties principles across cloud workloads.

• Own governance strategy for service accounts and nonhuman identities, including inventory completeness, ownership attribution, credential lifecycle, and risk classification.
• Define certification, recertification, and exception handling processes for NHIs in alignment with audit and compliance requirements.
• Partner with platform and application teams to remediate unmanaged or highrisk service accounts.

• Provide governance leadership over privileged access patterns for cloud and hybrid systems, including justintime access, breakglass processes, and session oversight.
• Ensure HPAM controls are consistently applied and measurable across cloud and onprem systems, supporting regulatory and internal risk assessments.

• Translate regulatory, audit, and risk requirements into actionable IAM governance controls and measurable evidence.
• Support internal and external audits by providing policy documentation, process flows, certification results, and exception rationale.
• Act as IAM governance SME for secondline risk and control partners.

• Serve as senior escalation point and decision authority for IAM cloud governance issues and design exceptions.
• Influence IAM strategy, roadmap prioritization, and operating model improvements.
• Mentor analysts and senior practitioners within IAM governance and compliance functions.

• Deep experience in Identity & Access Management (IAM) within large enterprise environments.
• Handson knowledge of cloud IAM models, including human and nonhuman identities.
• Strong understanding of governance, risk, and control design, including audit evidence expectations.
• Experience governing privileged access models and service account lifecycles.
• Proven ability to translate policy and regulatory requirements into operational controls.

• Experience supporting regulated environments (financial services, SOXrelevant systems).
• Familiarity with ServiceNow or similar platforms for inventory, workflow, and reporting.
• Professional security or audit certifications (e.g., CISA, CISSP) preferred but not required.
• Demonstrated leadership in crossfunctional, matrixed organizations.
• Awareness of Google Gemini Enterprise

COMPENSATION AND BENEFITS

Please click here for a list of benefits for which this position is eligible.

Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.