SMBC Group
IAM Lead: Privileged Access Management (PAM) - Director
SMBC Group, Charlotte, North Carolina, United States, 28245
SMBC Group is a top‑tier global financial group headquartered in Tokyo with a 400‑year history. It offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices, 80,000 employees worldwide, and operates across nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group and one of the three largest banking groups in Japan.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru, offering commercial and investment banking services through its regional operating companies.
Role Description
This role will be part of the IAM Architecture and Engineering function within SMBC. The individual will work with the Group Companies to provide elegant solutions that adhere to the core principles of Zero‑Trust, Just‑In‑Time, and Just‑Enough‑Access while maintaining a frictionless experience for end users and applications. The ideal candidate must be a subject‑matter expert in IAM and be familiar with modern authentication protocols and industry standards. The individual will play a key role in securing privileged identities, aligning PAM capabilities with zero‑trust and compliance frameworks, and leveraging products such as CyberArk, Delinea (Thycotic), Microsoft Entra PIM, and other PAM toolsets.
Role Objectives
Design and maintain end‑to‑end PAM architecture including vaulting, session monitoring, just‑in‑time access, and admin workflows
Lead deployment and configuration of CyberArk components (PVWA, CPM, PSM, Conjur, etc.)
Integrate CyberArk or Delinea Secret Server and/or other PAM tools into hybrid/cloud infrastructure
Implement and manage Microsoft Entra PIM for JIT elevation and role lifecycle controls
Architect and enforce least‑privilege models (RBAC, JIT, ABAC) across on‑prem and cloud platforms (Azure, AWS, GCP)
Partner with IAM, SOC, Security Architecture, Infrastructure and Application teams to enforce privileged identity policies
Automate PAM provisioning and approval workflows and integrate with ServiceNow
Maintain logging and monitoring of privileged activities and integration with SIEM tools like Microsoft Sentinel and Cribl
Document architecture, SOPs, onboarding processes, and contribute to policy documents
Research and evaluate PAM platforms, tools, and technologies that meet the organization’s needs
Provide guidance and mentorship to other team members on PAM best practices and emerging technologies
Provide guidance and documentation for Infrastructure/Database/Cloud/App teams to embed PAM services in their day‑to‑day operations, ensuring seamless integration, good adoption, and optimal performance
Qualifications And Skills
5+ years of experience in identity and access management, with a focus on PAM
Strong understanding of identity management protocols (OAuth, OpenID Connect, SAML, etc.) and deep expertise in CyberArk and Delinea
Proficient with Microsoft Entra PIM, Azure RBAC, and Entra ID roles
Experience with implementing JIT, break‑glass, and PAM for human and non‑human identities
Strong scripting skills
Strong problem‑solving skills, with the ability to analyze complex technical environments and develop effective solutions
Excellent communication and interpersonal skills, with the ability to collaborate across teams and influence stakeholders
High attention to detail and self‑driven
Education/Certification
Bachelor’s degree in Computer Science, Information Technology, or related field
Certification – CISSP, cloud or other Security related
CyberArk experience/training/certification is a plus
Additional Requirements
SMBC’s employees participate in a Hybrid workforce model that provides opportunity to work from home as well as from an SMBC office. SMBC requires employees to live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during the interview process. Hybrid work may not be permitted for certain roles, such as certain FINRA‑registered roles that require in‑office attendance for the entire workweek. SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.