Formulate and govern Identity and Access Management (IAM) Roadmap for the bank to cover all key areas. Roadmap shall cover the areas to focus with priority, Standards, and practices and unification of process by utilizing available technologies.
Develop, implement, and maintain comprehensive policies and procedures related to identity and access management in alignment with regulatory standards and best practices.
Regularly review and update policies to adapt to evolving security threats and technological advancements.
Issue required guidelines to Technology teams for implementation of IAM tools across the bank, including required policies for implementation as per best practices.
User Access Lifecycle
Oversee the efficient provisioning and deprovisioning of user accounts and access privileges based on established protocols and authorization procedures.
Implement automation where possible to enhance accuracy and efficiency in user lifecycle management.
Design and oversee access recertification processes to validate user access rights and enforce Role Based Access Control (RBAC) principles across systems and applications.
Govern and provide guidelines for implementation of RBAC methodologies to ensure appropriate access based on job roles and responsibilities.
Identify, assess, and mitigate Segregation of Duties (SoD) conflicts and toxic combinations by implementing controls and monitoring mechanisms.
Collaborate with teams to develop and enforce strategies that minimize the risk of unauthorized access resulting from conflicting duties.
Develop and implement PAM strategies and controls for privileged accounts, ensuring proper monitoring, authentication, and authorization of access.
Manage the lifecycle of privileged accounts, including provisioning, monitoring, and deprovisioning as per established protocols.
Ensure monitoring of all accesses is being followed as per regulatory requirements and best practices.
Ensure user access lifecycle covers all scenarios and process is coherent.
Key and Cryptographic Management
Govern and oversee robust key management strategies to protect cryptographic keys used for encryption, ensuring secure storage, rotation, and access controls.
Oversee and enforce password policies and controls, including complex requirements, rotation schedules, and secure storage practices.
Advise technology on practices to mitigate the risk of password-related security breaches.
Risk management
Identify, assess, and mitigate risks associated with identity and access management, ensuring compliance with regulatory requirements and internal security standards.
Conduct regular audits and assessments to monitor adherence to policies and identify areas for improvement.
Collaboration and Stakeholder Management
Collaborate closely with cross-functional teams including Technology, Fraud Prevention and Intelligence, compliance, and business units to align access governance strategies with organizational goals.
Provide guidance and support to internal teams on access-related matters, fostering a culture of security awareness and compliance.
