Identity Security Manager (GOV) - Tempus

Position OverviewAt PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company’s success. As an Identity Security Manager (GOV) within PNC's Tempus Technologies organization, you may be based in a remote location. Tempus Technologies, Inc. is the expert leader of secure payments at the point of interaction. For more than 25 years, innovation and producing high quality custom-ready solutions is at the forefront of everything we do. We’re committed to developing exceptional point-of-sale payment integration technology and software solutions to meet the growing needs of our customers’ business requirements. Our knowledgeable and friendly employees are passionately dedicated to delivering world-class support to every client. We thrive in a transparent culture that understands the value of shared ideas, teamwork, and excellence in everything we do. The Identity Security Manager is responsible for owning, operating, and maturing the organization’s identity, privileged access, and secrets management programs to reduce risk, enforce least privilege, and support secure business operations. This role leads the design, implementation, and day‑to‑day execution of Identity and Access Management (IAM) and Privileged Access Management (PAM) services across workforce, application, and infrastructure environments.The ideal candidate brings strong technical expertise in modern IAM and PAM platforms, deep understanding of access control and identity governance principles, and proven leadership skills to guide teams through complex identity challenges. This role partners closely with Security Operations, Infrastructure, Application Engineering, Compliance, and Audit teams to ensure access is properly governed, monitored, and aligned with regulatory and business requirements.In addition, the Identity Security Manager drives continuous improvement of access lifecycle processes, privileged access controls, automation, and metrics to strengthen the organization’s overall security posture and enable scalable, auditable access management.Responsibilities: -Core IAM Operations· Lead day to day IAM operations, ensuring reliable and secure access provisioning, modification, and deprovisioning across the enterprise.· Own workforce and non-human identity lifecycle management, including joiner, mover, and leaver processes.· Serve as the escalation point for access related incidents, outages, or high-risk access scenarios.· Ensure IAM platforms operate with high availability, security, and performance, including on call readiness and operational support models.-Identity Governance & Administration· Own and mature the Identity Governance and Administration (IGA) program using SailPoint.· Lead access certification campaigns, role modeling, entitlement management, and access reviews.· Drive automation of access requests, approvals, and policy enforcement.· Partner with Compliance and Audit teams to support evidence collection, remediation tracking, and control validation.· Define and maintain identity governance policies aligned to least privilege and segregation of duties principles.-Core PAM Operations· Lead the design, implementation, and operation of PAM capabilities.· Own privileged account onboarding, credential rotation, session management, and access approval workflows.· Ensure strong controls for administrative, service, and emergency access.· Partner with Infrastructure and Engineering teams to onboard platforms, applications, and cloud workloads into PAM.· Develop metrics and reporting for privileged access usage, risk, and compliance.-Secrets Management (HashiCorp Vault)· Own enterprise secrets management strategy and implementation using HashiCorp Vault.· Ensure secure storage, rotation, and access control for application and infrastructure secrets.· Partner with development and platform teams to integrate Vault into CI/CD pipelines and runtime environments.· Drive best practices for non-human identities, dynamic credentials, and short-lived secrets.-IAM Architecture & Program Management· Define IAM architecture standards for workforce, application, cloud, and infrastructure access.· Evaluate and implement new IAM technologies, integrations, and automation opportunities.· Maintain IAM documentation including standards, procedures, and reference architectures.· Ensure IAM controls align with organizational risk appetite, audit requirements, and industry best practices.· Produce metrics and reporting related to access risk, policy compliance, and operational performance.-Leadership, Coaching & Continuous Improvement· Lead and mentor IAM/PAM engineers and analysts, providing technical guidance and career development.· Execute staffing decisions, onboarding, and performance management for the Identity Security team.· Identify process gaps and technical debt, driving improvements in automation, reliability, and scalability.· Champion strong documentation, operational discipline, and security by design principles.Key Relationships: · Security Operations & Application Security Teams· IT Infrastructure & Cloud Engineering· Software Development Teams· Compliance, Audit & Risk Management· Executive Leadership· External Vendors & Implementation PartnersQualifications: · CCSP, CISSP, GCIA, GCIH, GCFA, CySA+ or equivalent certifications.· Hands‑on experience with SailPoint, CyberArk, and HashiCorp Vault in enterprise environments. · Strong understanding of IAM concepts including identity lifecycle management, RBAC/ABAC, least privilege, and zero trust. · Experience integrating IAM solutions with cloud platforms, SaaS applications, and on‑prem infrastructure. · Familiarity with compliance frameworks such as PCI DSS, SOC 2, HIPAA, and other regulate