Job Description

Job Information


Job Opening ID


ZR_2089_JOB
Industry


Cyber Security & IT
Job Type


Full time
Date Opened


30/06/2025
City


Dubai
Country


United Arab Emirates




As a Manager IAM & GRC, you will be at the intersection of identity governance and risk management, playing a pivotal role in advancing Deriv's security posture. This hybrid position combines deep hands-on expertise in Identity and Access Management (IAM) with strategic oversight of Governance, Risk, and Compliance (GRC) programs.

You will be responsible for leading the IAM strategy and operations, improving lifecycle processes, and driving automation with a special focus on AI adoption. On the GRC front, you will manage internal controls, compliance audits, and regulatory frameworks such as ISO 27001, GDPR, and DORA. The role demands proactive collaboration with teams across Security, IT, Compliance, and Risk to ensure integrated security governance in a remote-first environment.

This role is ideal for a security professional who thrives in both technical leadership an governance responsibilities and wants to impact identity-centric security and compliance across a growing global fintech organization.

Key Responsibilities

Identity & Access Management (IAM) Leadership

Define and lead IAM lifecycle processes including provisioning, deprovisioning, and access reviews across all systems. Automate and optimize IAM operations using scripting, APIs, or AI-powered tools. Lead onboarding and offboarding workflows, ensuring least privilege and Zero Trust principles are enforced. Manage and enhance identity integrations across SSO, MFA, PAM tools, and cloud environments (e.g., Okta, Google Workspace, Azure AD). Monitor IAM policy enforcement and remediate violations in coordination with IT and Engineering teams.

Governance, Risk, and Compliance (GRC) Oversight

Design and implement in collaboration with other teams, risk assessment and compliance frameworks aligned with ISO 27001, GDPR, DORA, and SOC2. Coordinate internal and external audits, manage audit readiness, and track remediation activities. Maintain enterprise-wide risk registers, compliance dashboards, and security policies. Conduct third-party risk assessments and due diligence to ensure secure vendor engagements. Provide continuous reporting to leadership and regulators. Lead the planning and execution of Security Awareness programs, including regular training sessions, phishing simulations, and internal campaigns. Develop educational materials, posters, and guidance to promote a security-first culture across the organization. Measure engagement and effectiveness of awareness initiatives and report findings to senior leadership.

Security Automation & AI Adoption

Leverage AI technologies to improve user access reviews, risk scoring, and policy enforcement. Create and maintain automated GRC workflows to enhance efficiency and transparency. Build and integrate bots or scripts that direct users to relevant policies or compliance requirements dynamically.

Cross-Functional Security Governance

Serve as the key liaison between Security, Risk, IT, and Compliance teams to align on access governance and control objectives. Provide mentoring and leadership within the team and across departments on IAM and GRC best practices. Contribute to security awareness initiatives and help foster a culture of compliance and accountability. Support M&A and business expansion efforts with scalable access and compliance frameworks.

Who You Are

8+ years of experience in cybersecurity with a focus on IAM and GRC leadership. Proven experience implementing or managing IAM/PAM solutions (Okta, Azure AD, CyberArk, etc.). Strong knowledge of data privacy regulations and security frameworks (GDPR, ISO 27001, SOC2, DORA). Demonstrated success in leading internal and external security audits and managing remediation efforts. Hands-on experience with GRC platforms (JIRA, Archer, ProcessUnity, ServiceNow). Adept at risk assessment methodologies and third-party risk management practices. Able to collaborate with distributed teams and communicate effectively across technical and non-technical audiences. Certifications such as ISO 27001 Lead Auditor/Implementer, CISA (in progress or completed), or equivalent are strongly preferred.

What We Offer

A leadership role in a high-growth fintech company with a strong focus on security innovation and compliance. The opportunity to drive automation and AI-based improvements in IAM and GRC processes. A collaborative environment working alongside cybersecurity, risk, and engineering experts. Competitive compensation, global team engagement, and remote work flexibility. Clear career growth pathways in security leadership and governance.

Why Join Deriv?

At Deriv, safeguarding our systems and customers starts with strong identity management and resilient compliance programs. Our Security team leads initiatives that go beyond checkboxes, integrating security into every layer of our business. This role offers a unique opportunity to shape how identity, governance, and risk intersect at a global scale.

If you're passionate about secure access, smart automation, and proactive risk management--join us to help protect millions of global traders and build secure fintech infrastructure for the future