Data Access Governance Architect - strong IAM expertise
Job description
Own the data access governance program from discovery to implementation and operation. Act as the central technical authority and owner for the data access governance framework, particularly for customer tenant data. Partner with Legal, Product, and Sales to discover, interpret, and define critical data access use-cases and constraints required by contracts and regulations. Lead cross-functional workshops to map data flows, define access roles (RBAC), and secure stakeholder buy-in. Develop and report on program KPIs to measure the state of access controls, risk reduction, and compliance.
Technical Architecture & Engineering
Architect and design the technical data access framework, including scalable RBAC models, policies, and integrations. Lead the hands-on implementation and integration of our central IAM platform (e.g., Okta, Entra ID) to enforce the access policies you design. Design, build, and maintain automated Joiner, Mover, and Leaver (JML) workflows to ensure secure user lifecycle management. Engineer and operate data discovery and classification tools to identify and map sensitive data flows. Engineer, implement, and manage the firm's Data Loss Prevention (DLP) and data discovery/classification tools to map and protect sensitive data flows.
Governance Operations & Assurance
Own and maintain the central registry of data and access constraints to ensure and demonstrate compliance. Serve as the primary technical escalation point and final approver for complex data access requests, handling exceptions to the defined policies. Drive the program-level rollout of the data access governance model, working with Engineering and Infrastructure to get controls implemented. Manage and coordinate all periodic user access certification campaigns for sensitive data, ensuring timely completion and sign-off. Develop and report on program KPIs to measure the state of access controls and compliance.
Requirements
At least seven (7) years of proven experience in a hands-on role spanning IAM, data security, or security architecture. Bachelor's Degree in a relevant field or equivalent work experience. Strong, demonstrated understanding of core IAM principles (Least Privilege, RBAC, JML) and data security concepts. Hands-on experience with major IAM platforms (e.g., Okta, SailPoint, Entra ID) and their integration. Strong knowledge of authentication and authorization standards (SAML, OAuth, OpenID Connect, SCIM). Proficiency in at least one scripting language (e.g., PowerShell, Python) or a query language (SQL). Expertise in designing and operating Data Loss Prevention (DLP), data discovery, and classification tools. Program management skills; ability to manage competing priorities, drive projects to completion, and hold stakeholders accountable. Investigative mindset to capture requirements from non-technical stakeholders. Excellent communication skills and the ability to act as a central point of authority with confidence. High attention to detail and strong documentation skills. Knowledge of data protection regulations and compliance frameworks (e.g., GDPR, CCPA, ISO27001, SOC2, HIPAA).
Benefits & conditions
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Multiple Learning and Development opportunities, including Focus Fridays, a half-day each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)
- Additional benefits by country, inquire with recruiter