• The Group Head – Identity & Access Management (IAM) is responsible for steering Equity Group’s established IAM framework across all subsidiaries in East Africa. This executive role safeguards secure, efficient, and compliant user access to banking systems and digital services while enabling the Group’s digital transformation. This role directs strategy and oversees operations for Identity Governance & Administration (IGA), Privileged Access Management (PAM), end-to-end user-lifecycle automation, access recertification, and the secure integration of identity services across Equity Group’s banking and non-banking subsidiary operations.

THE KEY RESPONSIBILITIES

• Refine and execute the Group-wide IAM strategy and roadmap, aligning with business objectives, regulatory frameworks, and the Group’s cybersecurity strategy.
• Ensure IAM and PAM remain critical business enablers while reducing risk and maintaining regulatory compliance.
• Lead a multi-country IAM structure, managing cross-border teams, vendors, and system integrators.
• Present regular updates to executive committees, boards, and regulators on IAM posture, risks, and performance.
• Oversee the end-to-end Joiner-Mover-Leaver lifecycle across all entities, ensuring automated provisioning, seamless role transitions, and timely de-provisioning.
• Integrate IAM controls with HR systems, core banking platforms, Active Directory, cloud services, and third-party fintech partners to deliver automated identity workflows.
• Maintain role catalogues, entitlement matrices, and Segregation of Duties (SoD) frameworks while driving high levels of automation to reduce manual errors.
• Own the configuration, customization, and scaling of the Group’s IGA platform.
• Prioritize onboarding of critical applications (core banking, payments, SWIFT, treasury, internet banking, HR/ERP, SaaS) into the IGA platform.
• Implement role-based access control (RBAC) and least privilege policies across all systems and deliver executive dashboards on users, entitlements, SoD conflicts, and exceptions.
• Define and lead the Group PAM strategy to secure administrator, root, and other privileged accounts.
• Deploy, configure, and manage PAM tools, ensuring central control and password vaulting/rotation for all privileged credentials.
• Implement Just-in-Time (JIT) provisioning and privileged session monitoring to minimize standing privilege and improve auditability.
• Conduct periodic access recertification campaigns and standardize review processes for managers, role owners, and application owners.
• Ensure compliance with diverse regulations, including central bank guidelines, GDPR, PCI-DSS, ISO 27001, and local data-protection laws across all operating countries.
• Maintain audit-ready documentation and provide evidence to internal/external auditors, remediating findings promptly.
• Operate centralized access request and approval processes for employees, contractors, and third parties with self-service portals and automated approval workflows.
• Enforce least privilege and SoD controls across on-premises, cloud, and fintech partner ecosystems.
• Manage a dedicated team to ensure all access requests are fulfilled within agreed SLAs.
• Define and maintain IAM and PAM policies, standards, and control requirements.
• Integrate IAM risk scoring into the Group’s enterprise cyber-risk framework.
• Partner with enterprise risk, cybersecurity, compliance, and internal audit to manage IAM risk holistically.
• Continuously monitor global IAM trends to embed modern practices such as Zero Trust and cloud-native IAM.

CORE ACCOUNTABILITIES AND DELIVERABLES  

• IAM Strategy & Governance: Develop and implement the Group-wide Identity and Access Management strategy, policies, and standards.
• Operational Oversight: Lead IAM operations across all subsidiaries, including user provisioning, role management, and access certification.
• Cross-Functional Leadership: Partner with IT, security, risk, compliance, and business units to ensure secure and efficient access management.
• Third-Party & Vendor Management: Oversee IAM solution providers, ensuring effective service delivery and integration with internal processes.
• Risk & Compliance: Ensure IAM practices meet regulatory, audit, and cybersecurity requirements while mitigating identity-related risks.
• Reporting & Continuous Improvement: Provide regular updates to executive leadership and drive enhancements to IAM capabilities, tools, and processes.
• COMPLEXITY EXPECTED IN THE ROLE ( EG, MULTIPLE COUNTRIES, CROSS-FUNCTIONAL RESPONSIBILITIES, DELIVERING THROUGH OTHER THIRD PARTIES, EG..)  
• The Senior Manager: Identity Governance & Administration operates in a complex, fast-paced, and highly regulated environment spanning multiple countries within East and Central Africa. The role requires a deep understanding of identity risk management, regulatory compliance, and cybersecurity governance principles, applied across a diverse set of business units, IT landscapes, and user populations.

Key complexity factors include:

• Group-Wide Scope: Oversight across multiple subsidiaries and business functions with varying risk profiles and regulatory requirements.
• Cross-Functional Coordination: Requires extensive collaboration with Technology, HR, Audit, Risk, Compliance, and Business Leadership to ensure identity governance standards are consistently implemented and adhered to.
• Multi-System Integration: IGA processes must be tightly integrated with various source-of-truth systems (e.g., HRMS, AD, ERP, Core Banking), each with unique data models and workflows.
• Regulatory Requirements: Must proactively manage compliance with local and international data protection and cybersecurity laws (e.g., Kenya Data Protection Act, GDPR, CBK Guidelines, SOX).
• Dynamic Threat Landscape: Must respond to emerging threats, evolving technologies, and shifting business priorities while maintaining strong identity governance controls.
• Platform Governance: Responsible for overseeing the secure and compliant use of enterprise IGA tools (e.g., SailPoint), including continuous optimization and application onboarding.
• Influence without Authority: Must influence change and enforce governance in areas where direct authority is limited, requiring strong leadership, communication, and negotiation skills.
• With high visibility to Executive Management and the Board, the role is accountable for maintaining the integrity of Equity Group’s control environment and enabling business growth through effective and compliant security governance.

CRITICAL RELATIONSHIPS/STAKEHOLDERS/CONTACTS    

• Internal: Work with GCISO, executive leadership, IT, security, risk, compliance, legal, audit, business process owners, and IAM teams across all subsidiaries.
• External: Engage IAM vendors, technology providers, third-party contractors, auditors, regulators, and industry compliance bodies.

KEY TECHNICAL SKILLS & LEADERSHIP COMPETENCIES 

• Expert in IAM frameworks, tools, access governance, and compliance across multiple subsidiaries.
• Experience in IAM strategy, policy development, vendor management, and system integrations.
• Skilled in data-driven decision-making, reporting, and risk management.
• Strong executive presence, stakeholder management, and cross-functional collaboration.
• Proven ability to drive complex programs, change initiatives, and deliver results. 

Knowledge and Experience:

• Bachelor’s degree in computer science, Information Security, or related field; Master’s preferred.
• Certifications: CISSP, CRISC, CCSP
• 12+ years of information-security experience, with at least 5 years leading enterprise IAM programs in banking, financial services, or similarly regulated industries.
• Hands-on expertise with leading IGA platforms (e.g., SailPoint, Saviynt, Oracle), including proven experience in SailPoint integration, customization, and application onboarding, as well as PAM tools (e.g., CyberArk, Beyond Trust, Delinea).
• Strong understanding of RBAC/ABAC/SoD models and identity federation protocols (SAML, OAuth, OIDC).
• Deep knowledge of compliance frameworks such as PCI-DSS, ISO 27001, SOX, GDPR, and regional financial-sector regulatory requirements.
• Demonstrated success managing multi-country IAM implementations and working with diverse regulatory bodies.

• Refine and execute the Group-wide IAM strategy and roadmap, aligning with business objectives, regulatory frameworks, and the Group’s cybersecurity strategy.
• Ensure IAM and PAM remain critical business enablers while reducing risk and maintaining regulatory compliance.
• Lead a multi-country IAM structure, managing cross-border teams, vendors, and system integrators.
• Present regular updates to executive committees, boards, and regulators on IAM posture, risks, and performance.
• Oversee the end-to-end Joiner-Mover-Leaver lifecycle across all entities, ensuring automated provisioning, seamless role transitions, and timely de-provisioning.
• Integrate IAM controls with HR systems, core banking platforms, Active Directory, cloud services, and third-party fintech partners to deliver automated identity workflows.
• Maintain role catalogues, entitlement matrices, and Segregation of Duties (SoD) frameworks while driving high levels of automation to reduce manual errors.
• Own the configuration, customization, and scaling of the Group’s IGA platform.
• Prioritize onboarding of critical applications (core banking, payments, SWIFT, treasury, internet banking, HR/ERP, SaaS) into the IGA platform.
• Implement role-based access control (RBAC) and least privilege policies across all systems and deliver executive dashboards on users, entitlements, SoD conflicts, and exceptions.
• Define and lead the Group PAM strategy to secure administrator, root, and other privileged accounts.
• Deploy, configure, and manage PAM tools, ensuring central control and password vaulting/rotation for all privileged credentials.
• Implement Just-in-Time (JIT) provisioning and privileged session monitoring to minimize standing privilege and improve auditability.
• Conduct periodic access recertification campaigns and standardize review processes for managers, role owners, and application owners.
• Ensure compliance with diverse regulations, including central bank guidelines, GDPR, PCI-DSS, ISO 27001, and local data-protection laws across all operating countries.
• Maintain audit-ready documentation and provide evidence to internal/external auditors, remediating findings promptly.
• Operate centralized access request and approval processes for employees, contractors, and third parties with self-service portals and automated approval workflows.
• Enforce least privilege and SoD controls across on-premises, cloud, and fintech partner ecosystems.
• Manage a dedicated team to ensure all access requests are fulfilled within agreed SLAs.
• Define and maintain IAM and PAM policies, standards, and control requirements.
• Integrate IAM risk scoring into the Group’s enterprise cyber-risk framework.
• Partner with enterprise risk, cybersecurity, compliance, and internal audit to manage IAM risk holistically.
• Continuously monitor global IAM trends to embed modern practices such as Zero Trust and cloud-native IAM.

• Expert in IAM frameworks, tools, access governance, and compliance across multiple subsidiaries.
• Experience in IAM strategy, policy development, vendor manag

• BA/BSc/HND
• MBA/MSc/MA