IAM Cloud Governance Engineer

Responsibilities

• Cloud IAM Governance
• Lead the governance framework for cloud identity and access across IaaS, PaaS, and SaaS platforms, including design standards, control requirements, and lifecycle oversight.
• Establish and maintain enterprise guardrails for cloud IAM constructs (roles, permissions, entitlements, conditional access, federation).
• Ensure consistent enforcement of least‑privilege and separation‑of‑duties principles across cloud workloads.
• Service Account / Non‑Human Identity (NHI) Governance
• Own governance strategy for service accounts and non‑human identities, including inventory completeness, ownership attribution, credential lifecycle, and risk classification.
• Define certification, recertification, and exception handling processes for NHIs in alignment with audit and compliance requirements.
• Partner with platform and application teams to remediate unmanaged or high‑risk service accounts.
• Privileged Access & HPAM Oversight
• Provide governance leadership over privileged access patterns for cloud and hybrid systems, including just‑in‑time access, break‑glass processes, and session oversight.
• Ensure HPAM controls are consistently applied and measurable across cloud and on‑prem systems, supporting regulatory and internal risk assessments.
• Risk, Audit, and Compliance Enablement
• Translate regulatory, audit, and risk requirements into actionable IAM governance controls and measurable evidence.
• Support internal and external audits by providing policy documentation, process flows, certification results, and exception rationale.
• Act as IAM governance SME for second‑line risk and control partners.
• Leadership & Strategic Enablement
• Serve as senior escalation point and decision authority for IAM cloud governance issues and design exceptions.
• Influence IAM strategy, roadmap prioritization, and operating model improvements.
• Mentor analysts and senior practitioners within IAM governance and compliance functions.
• Required Qualifications
• Deep experience in Identity & Access Management (IAM) within large enterprise environments.
• Hands‑on knowledge of cloud IAM models, including human and non‑human identities.
• Strong understanding of governance, risk, and control design, including audit evidence expectations.
• Experience governing privileged access models and service account lifecycles.
• Proven ability to translate policy and regulatory requirements into operational controls.

Requirements

• Experience supporting regulated environments (financial services, SOX‑relevant systems).
• Familiarity with ServiceNow or similar platforms for inventory, workflow, and reporting.
• Professional security or audit certifications (e.g., CISA, CISSP) preferred but not required.
• Demonstrated leadership in cross‑functional, matrixed organizations.
• Awareness of Google Gemini Enterprise
• Core Skills and Competencies
• Cloud IAM governance and entitlement modeling (Google and Azure)
• Service account / non‑human identity governance
• Privileged access oversight (HPAM) (CyberArk)
• Risk assessment and control design
• Audit and evidence management
• COMPENSATION AND BENEFITS
• Please click here for a list of benefits for which this position is eligible.
• Key has implemented an approach to employee workspaces which prioritizes in-office presence, while providing flexible options in circumstances where roles can be performed effectively in a mobile environment.
• Job Posting Expiration Date: 07/27/2026
• Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply

Benefits

Additional Information

Location: 4910 Tiedeman Road, Brooklyn Ohio The IAM Cloud Governance Engineer is responsible for defining, implementing, and overseeing the enterprise governance model for cloud-based identities, privileged access, and non‑human identities (service accounts). This role provides technical Collaboration with Service Account Governance, and Human Privileged Access Management (HPAM), ensuring alignment with security policy, regulatory obligations, and audit expectations across hybrid and multi‑cloud environments. The role acts as a governance authority and escalation point, partnering closely with IAM engineering, cloud platform teams, risk management, audit, and application owners.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at KeyBank? Share your experience