Associate Lead - Information Security

Job Title: Information Security Lead /  Lead – Identity Governance and ComplianceDepartment: Information Security – Governance, Risk & Compliance (GRC)Experience: Level: 5 – 7 yearsEmployment Type: Full-time Key Responsibilities:
•    Lead and manage the Identity Governance and compliance activities, including periodic User Access Reviews (UAR) and RBAC activities.
•    Ensure IAM practices comply with internal policies and external regulatory requirements.
•    Maintain and enhance identity governance policies, standards, and procedures.
•    Provide subject matter expertise on Active Directory (AD), including group policies and access provisioning/deprovisioning.
•    Align identity governance practices with frameworks such as PCI DSS, ISO 27001, NIST CSF, and COBIT.
•    Engage with IT, HR, and business units to enforce least privilege principles and maintain accurate access records.
•    Conduct regular training sessions for the SM team on security controls and client requirements.
•    Coordinate SME involvement in quarterly meetings and training initiatives.
•    Maintain and organize SharePoint and Jira spaces for audit readiness and evidence management.
•    Participate in incident management, change control meetings, and cloud migration initiatives.
•    Engage in SOC operations and threat tracking.
•    Drive continuous improvement initiatives in identity governance and GRC processes.
•    Lead the annual review of security information presentations in collaboration with Compliance.
Required Qualifications:
•    Bachelor’s degree in Information Security, Computer Science, or a related field.
•    5 – 7 years of experience in Information Security, with a focus on Identity Governance and Compliance.
•    Strong understanding of User Access Review (UAR) processes and tools.
•    Experience with Active Directory (AD) and identity lifecycle management.
•    Familiarity with regulatory and compliance frameworks: PCI DSS, ISO 27001, NIST, COBIT.
•    Excellent analytical, documentation, and communication skills.
•    Ability to work independently and collaboratively in a fast-paced environment.
Preferred Qualifications:
•    Relevant certifications such as CISSP, CISA, CISM, CRISC, or GIAC.
•    Experience with IAM tools (e.g., SailPoint, Saviynt, Okta, Azure AD).
•    Prior experience supporting internal or external audits.
•    Knowledge of GRC tools and platforms.
•    Understanding of legal and regulatory standards such as FERPA, CIS, and data protection laws.
•    Knowledge of Cloud Identity (AWS or Azure Identity).