Group Head: Identity & Access Management (IAM)

Job Description

Job Summary

The Group Head – Identity & Access Management (IAM) is responsible for steering Equity Group’s established IAM framework across all subsidiaries in East Africa. This executive role safeguards secure, efficient, and compliant user access to banking systems and digital services while enabling the Group’s digital transformation. This role directs strategy and oversees operations for Identity Governance & Administration (IGA), Privileged Access Management (PAM), end-to-end user-lifecycle automation, access recertification, and the secure integration of identity services across Equity Group’s banking and non-banking subsidiary operations.

Key Duties & Responsibilities

• Refine and execute the Group-wide IAM strategy and roadmap, aligning with business objectives, regulatory frameworks, and the Group’s cybersecurity strategy.
• Ensure IAM and PAM remain critical business enablers while reducing risk and maintaining regulatory compliance.
• Lead a multi-country IAM structure, managing cross-border teams, vendors, and system integrators.
• Present regular updates to executive committees, boards, and regulators on IAM posture, risks, and performance.
• Oversee the end-to-end Joiner-Mover-Leaver lifecycle across all entities, ensuring automated provisioning, seamless role transitions, and timely de-provisioning.
• Integrate IAM controls with HR systems, core banking platforms, Active Directory, cloud services, and third-party fintech partners to deliver automated identity workflows.
• Maintain role catalogues, entitlement matrices, and Segregation of Duties (SoD) frameworks while driving high levels of automation to reduce manual errors.
• Own the configuration, customization, and scaling of the Group’s IGA platform.
• Prioritize onboarding of critical applications (core banking, payments, SWIFT, treasury, internet banking, HR/ERP, SaaS) into the IGA platform.
• Implement role-based access control (RBAC) and least privilege policies across all systems and deliver executive dashboards on users, entitlements, SoD conflicts, and exceptions.
• Define and lead the Group PAM strategy to secure administrator, root, and other privileged accounts.
• Deploy, configure, and manage PAM tools, ensuring central control and password vaulting/rotation for all privileged credentials.
• Implement Just-in-Time (JIT) provisioning and privileged session monitoring to minimize standing privilege and improve auditability.
• Conduct periodic access recertification campaigns and standardize review processes for managers, role owners, and application owners.
• Ensure compliance with diverse regulations, including central bank guidelines, GDPR, PCI-DSS, ISO 27001, and local data-protection laws across all operating countries.
• Maintain audit-ready documentation and provide evidence to internal/external auditors, remediating findings promptly.
• Operate centralized access request and approval processes for employees, contractors, and third parties with self-service portals and automated approval workflows.
• Enforce least privilege and SoD controls across on-premises, cloud, and fintech partner ecosystems.
• Manage a dedicated team to ensure all access requests are fulfilled within agreed SLAs.
• Define and maintain IAM and PAM policies, standards, and control requirements.
• Integrate IAM risk scoring into the Group’s enterprise cyber-risk framework.
• Partner with enterprise risk, cybersecurity, compliance, and internal audit to manage IAM risk holistically.
• Continuously monitor global IAM trends to embed modern practices such as Zero Trust and cloud-native IAM.

Educational Qualifications, Experience, & Skills Required

• Bachelor’s degree in computer science, Information Security, or related field; Master’s preferred. 
• Certifications: CISSP, CRISC, CCSP
• 12+ years of information-security experience, with at least 5 years leading enterprise IAM programs in banking, financial services, or similarly regulated industries.
• Hands-on expertise with leading IGA platforms (e.g., SailPoint, Saviynt, Oracle), including proven experience in SailPoint integration, customization, and application onboarding, as well as PAM tools (e.g., CyberArk, Beyond Trust, Delinea).
• Strong understanding of RBAC/ABAC/SoD models and identity federation protocols (SAML, OAuth, OIDC).
• Deep knowledge of compliance frameworks such as PCI-DSS, ISO 27001, SOX, GDPR, and regional financial-sector regulatory requirements.
• Demonstrated success managing multi-country IAM implementations and working with diverse regulatory bodies.
• Expert in IAM frameworks, tools, access governance, and compliance across multiple subsidiaries.
• Experience in IAM strategy, policy development, vendor management, and system integrations.
• Skilled in data-driven decision-making, reporting, and risk management.
• Strong executive presence, stakeholder management, and cross-functional collaboration.
• Proven ability to drive complex programs, change initiatives, and deliver results.

Click link for more details.