Specialist III, Identity and Access Management Controls

The opportunity

The Identity and Access Management Controls, Specialist role manages the development, implementation, and maintenance of the enterprise identity and access management control and governance program. The role also collaborates with IT and business teams to strengthen internal controls, support audits, address control gaps, and enhance the organization's security posture.

Your key responsibilities

Leads the design, build, and deployment of identity and access management controls and governance program that is compliant with enterprise security standards and integrated with enterprise access administration infrastructure. Works closely with senior leadership and other IT teams to align strategies and projects with business objectives.

Leads and oversees the implementation of changes to department policies and procedures to meet changing business needs and to achieve department objectives. Identifies opportunities for continuous improvement.

Serves as a point of escalation for complex issues that may require management intervention. Analyzes the security impact of complex requests or incident tickets escalated by the team and either provides resolution or escalates to higher management depending on the criticality. Assesses and immediately notifies leadership of security issues or quality control events that may have an impact on business operations.

Works closely with external auditors to represent Vanguard and respond to audit findings. Ensures completeness and accuracy of responses and evidencing.

Maintains an active understanding of, and contributes to, the broader access management and information security discipline. Serves as thought leader across the enterprise and with external partners.

Participates on vendor software evaluation teams to analyze the security administration features and impacts of each package or release. May help define requirements, log issues and test upgrades and new releases.

Participates in special projects and performs other duties as assigned.

Collaborate with IT and business teams to design, implement and maintain robust internal controls that address IT risks and safeguard organizational assets.

Support internal and external audits by assisting with risk mitigation based on audit findings, ensuring all control documentation is accurate and up-to-date.

Proactively identify potential gaps in IT controls and work with relevant teams to address weaknesses, enhancing the overall security posture of the organization.

Assist with the development of risk management frameworks and contribute to the creation of policies aimed at strengthening the organization’s internal controls and mitigating IT-related risks.

Skills and attributes for success

A team player with strong analytical, communication and interpersonal skills

Constantly updating yourself about new technologies in the market

A winning personality and the ability to become a trusted advisor to the stakeholders

To qualify for the role, you must have

Minimum 8 years of related work experience, including at least 5 years in risk management, controls assessment, or cybersecurity governance.

Bachelor’s degree ( in Computer Science or IT, or Bachelor’s in Computer Applications (BCA) from a recognized institution.

Supervisory experience preferred, with the ability to mentor and guide junior staff.

Proficiency in assessing and testing IT and cybersecurity controls using frameworks such as NIST, ISO 27001, and COBIT.

Hands-on experience with control gap analysis, risk assessment, and audit remediation processes.

Familiarity with IAM tools (SailPoint, Okta, CyberArk), governance platforms (Archer, ServiceNow), and privileged access management (PAM).

Strong understanding of international cybersecurity regulations and compliance standards (, SOX, GDPR, HIPAA).

Detail-oriented with strong analytical and organizational abilities, capable of identifying security risks and implementing improvements.

Excellent technical writing, documentation, and communication skills, with the ability to present findings to stakeholders.

Problem-solving, conceptual thinking, and process improvement mindset, with a proactive approach to security enhancements.

Relevant certifications preferred : Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP).

Ideally, you’ll also have

Strong verbal and written communication, facilitation, relationship-building, presentation and negotiation skills.

Be highly flexible, adaptable, and creative.

Comfortable interacting with senior executives (within the firm and at the client)

What we look for

Strong teamwork, work ethic, product mindset, client centricity and a relentless commitment to EY values.

What working at EY offers

We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer :

Support, coaching and feedback from some of the most engaging colleagues around

Opportunities to develop new skills and progress your career

The freedom and flexibility to handle your role in a way that’s right for you

EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.

About EY

As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.