VP, Identity & Access Management

Who We Are

Cross River builds the infrastructure behind the world’s most innovative financial products. Our technology and capital solutions power payments, cards, lending, and digital asset capabilities that move money safely, instantly, and inclusively — trusted by leading fintechs, enterprises, and disruptors across the globe.

Our mission is simple: to build the financial infrastructure that expands access and opportunity for all. Guided by a culture of collaboration, curiosity, and purpose, Cross River has been named one of American Banker’s Best Places to Work in Fintech year after year. Whether you’re designing code, solving regulatory puzzles, or developing strategy, you’ll join a team where innovation and integrity drive everything we do — and where your work helps shape the future of finance.

What We're Looking For

Cross River Bank is seeking a VP of Identity & Access Management (IAM) to build and lead a modern, risk-aligned, and automation-forward IAM program. Reporting to the VP of IT Security Engineering, this strategic and technical leader will drive the design, governance, and execution of IAM capabilities across our cloud, on-premises, and SaaS environments.

This role will be instrumental in maturing our identity lifecycle management, enforcing least privilege, and enhancing secure access governance—while ensuring compliance with FFIEC, SOC 2, PCI DSS, and other regulatory standards.

Responsibilities: 

Strategy & Leadership

• Define and own the bank’s IAM vision, roadmap, and architecture, aligned with security, compliance, and business goals.
• Build, lead, and mentor a small but high-performing IAM team, fostering a culture of collaboration, innovation, and accountability.
• Champion secure and scalable IAM practices across business units, product teams, and infrastructure domains.
• Partner with Engineering and Compliance to enhance identity governance maturity.

Lifecycle Management & Automation

• Oversee the design and automation of Joiner-Mover-Leaver processes.
• Drive implementation of access request workflows and access reviews through tools like ServiceNow, with tight policy enforcement and auditability.
• Reduce identity sprawl by enforcing role-based and attribute-based access controls (RBAC/ABAC).
• Support federated SSO and MFA rollout across all SaaS applications to eliminate shadow IT.

Privileged Access & Governance

• Lead the rationalization and control of privileged access across AWS, Azure (PIM), and legacy AD environments.
• Partner with Security Engineering and Audit to execute regular access reviews and design SoD frameworks.
• Define access certification cycles with actionable outputs for business owners.

Cloud & SaaS Identity

• Guide cloud identity strategies for Azure, AWS, and SaaS ecosystems to ensure secure and scalable access models.
• Collaborate with Engineering to securely onboard new SaaS vendors under centralized identity management and SSO.

Audit & Compliance

• Maintain IAM controls to meet FFIEC, SOC 2, and PCI DSS standards, and respond effectively to FDIC audits.
• Establish clear KPIs and metrics for IAM hygiene, access review coverage, and lifecycle automation.

Qualifications: 

• 10+ years in IAM, Information Security, or IT Risk roles, with 3+ years in a people management or technical leadership capacity.
• Hands-on experience with IAM platforms (e.g., SailPoint, Saviynt, Azure AD, CyberArk, Okta), ideally in a financial services or regulated environment.
• Deep knowledge of identity lifecycle automation, JML workflows, RBAC, ABAC, SSO, MFA, and PAM principles.
• Proven success aligning IAM strategy with risk, audit, and compliance functions.
• Familiarity with scripting or automation (PowerShell, Python) and modern identity protocols (SAML, OAuth2, OIDC, SCIM).
• Strong communication, influencing, and documentation skills; able to evangelize IAM to both technical and business audiences.
• Experience implementing or integrating with HRIS systems like Workday and ITSM systems like ServiceNow is a plus.
• Certifications preferred: CISSP, CISM, or vendor-specific IAM certs.

#LI-KR1 #LI-Hybrid #LI-Onsite 

Salary Range: $160,000.00 - $200,000.00