Job Description

Responsibilities

• Own the enterprise IAM strategy encompassing identity governance and administration (IGA), privileged access management (PAM), authentication services.
• Lead, mentor, and develop a team of IAM engineers, analysts, and architects; set clear performance expectations and cultivate a culture of operational excellence.
• Design and enforce access certification programs (UAR) that satisfy FRB and TXDoB examination requirements, including evidence packaging for regulatory inquiries.
• Drive the adoption of Zero Trust principles across identity — least-privilege enforcement, just-in-time access, and continuous authentication controls.
• Manage the lifecycle of IAM platforms (e.g., SailPoint, Delinea, Entra ID, Okta) including roadmap planning, vendor management, and platform engineering.
• Partner with application development, cloud engineering, and business line owners to integrate IAM controls into CI/CD pipelines, cloud-native workloads, and SaaS applications.
• Establish and maintain identity-related KPIs and risk metrics; present posture and trend reporting to the CISO, CIO, CRO, and board committees.
• Ensure compliance with SOX ITGC requirements for access provisioning, deprovisioning, and segregation of duties across financially significant applications.
• Lead incident response activities related to identity compromise, credential theft, and privilege escalation — coordinating with the SOC and threat intelligence teams.
• Align IAM capabilities with regulatory frameworks including NIST 800-63, FFIEC Authentication Guidance, and other directive controls as applicable.
• Drive automation strategies to reduce manual provisioning, accelerate joiner-mover-leaver processes, and improve access request fulfillment SLAs.
• Perform risk assessments of third-party identity integrations and federated trust relationships; own the technical due diligence for IAM-adjacent vendor selections.

Qualifications

• Bachelor’s degree in Information Security, Information Technology, Computer Science, Engineering, or related field.
• Minimum 10 years of progressive experience in Identity and Access Management, Information Security, or a closely related discipline.
• 5+ years’ experience in Financial Services or Banking — familiarity with OCC, FFIEC, SEC, and SOX regulatory expectations required.
• 5+ years’ experience leading people managers and building high-performing teams.
• Deep technical knowledge of IGA platforms (SailPoint IdentityNow/IIQ, Saviynt, or equivalent) and PAM solutions (CyberArk, Delinea, or equivalent).
• Strong knowledge of directory services and federation protocols — Active Directory, Entra ID, SAML, OIDC, SCIM, and LDAP.
• Advanced knowledge of regulatory and control frameworks relevant to access management (FFIEC, NIST CSF, NIST 800-53, COBIT, ITIL).
• Demonstrated experience designing and defending access certification (UAR) programs under regulatory examination.
• Strong understanding of cloud IAM models (AWS IAM, Azure RBAC) and hybrid identity architectures.
• Experience with Zero Trust identity concepts — conditional access policies, risk-based authentication, and continuous verification.
• Advanced ability to translate complex identity requirements into scalable, auditable controls.
• Advanced ability to influence and build relationships with LOB stakeholders, leadership, internal audit, and external examiners.
• Advanced ability to obtain, analyze, and synthesize information from multiple sources, including access risk metrics and compliance data.
• Advanced analytical mindset focused on results with critical thinking, research, problem-solving, and decision-making skills.
• Highly self-motivated with a strong sense of initiative.
• Strong ability to manage competing priorities across concurrent large, complex programs and regulatory deliverables.
• Strong verbal, written, and interpersonal communication skills — able to articulate IAM risk to both technical and non-technical audiences.

Preferred Qualifications

• CISSP, CISM, or CISA certification.
• Specialized IAM certification (e.g., SailPoint Certified IdentityNow Engineer)
• Experience leading an IAM program through a regulatory remediation or MRA/MRIA response.

The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.Texas Capital is an Equal Opportunity Employer.