Job Summary
• The IAM Control Review Specialist is responsible for independently assessing, validating, and monitoring the effectiveness of Identity and Access Management (IAM) controls across enterprise systems. This role ensures that user access, privileged access, and identity lifecycle processes comply with internal security standards, regulatory requirements, and industry best practices.
Key Responsibilities
• 7–12 years of experience in Identity and Access Management (IAM) control assurance, security assessments, or related governance roles.
In-depth understanding of:
• Authentication controls (SSO, MFA, federation)
• Authorization models (RBAC, ABAC, PBAC)
• Privileged Identity / Access Management (PIM/PAM) controls
• Hands-on experience in IAM protocols and standards (SAML, OAuth2, OIDC, LDAP, Kerberos, SCIM) and expertise in Privilege Identity Management platforms
• Knowledge or hands-on experience in AI-enabled identity systems or AI control assessments.
• Strong experience in control testing, risk assessment, and control design evaluation.
• Familiarity with regulatory and internal control frameworks (e.g., ISO 27001, NIST, SOX, internal risk frameworks).
• Strong understanding of IAM control frameworks, including Authentication, authorization, and identity lifecycle control, Privileged access management and high-risk access scenarios
• Hands-on experience reviewing controls aligned to least privilege, zero trust, and defense-in-depth
• Ability to work effectively with technical and non-technical stakeholders
• Confident in explaining IAM risks and control issues to senior stakeholders
• Comfortable operating independently with minimal supervision
• Familiarity with IAM and PAM platforms (e.g., SailPoint, Saviynt, CyberArk, Azure AD, AWS IAM and others)
• Understanding of access review tooling, ticketing systems, and GRC platforms
• Excellent stakeholder management, analytical, and documentation skills, Strong risk articulation skills—clearly explaining why a control gap matters
Processes
• The specialist will conduct periodic access reviews, evaluate control design and operating effectiveness, identify control gaps, and work closely with IAM engineering, risk, audit, and business stakeholders to remediate findings. The role plays a critical part in reducing identity-related risk, supporting audits, and strengthening the organization’s overall security and compliance posture.
People & Talent
• Lead through example and build the appropriate culture and values.Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
• Application technology team
• Application Architects
• Application Business Owner
• ICS/IAM domain Leads/Head
Qualifications
Qualifications
• Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
Certifications
• Relevant certifications such as CISSP or other IAM platform certification
Skills and Experience
• IAM Control Framework
• Deep understanding of IAM control domains
• Deep Understanding of AI Control assessment
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
