Job Description
We are supporting a leading European Bank in their search for an IAM Modeller. The role will be fully remote and outside IR35.
The IAM Role Modeler is responsible for designing, validating, and maintaining enterprise role models that enable secure, compliant, and scalable Role-Based Access Control (RBAC) within a banking environment.
The role translates business functions and responsibilities into standardized access roles, ensuring least privilege, segregation of duties (SoD), and auditability across on-premises, cloud, and hybrid platforms.
The IAM Role Modeler is a key contributor to the Identity & Access Management transformation programme, supporting regulatory compliance (eg ECB, GDPR), security risk reduction, and automation of access life cycle processes.
Key Responsibilities
Enterprise Role Modelling & Design
- Design and document business roles, technical roles, and entitlement mappings aligned to organisational functions and job families
- Perform role mining and privilege mining across applications, directories, and platforms to identify current access patterns and rationalise them into target roles
- Define single, composite, and hybrid roles suitable for automated provisioning
RBAC & SoD Control Implementation
- Control Implementation - define and maintain Segregation of Duties (SoD) and toxic combination models as part of RBAC design
- Classify roles by risk level (eg high-risk, privileged, business-critical)
- Ensure RBAC models support least privilege, Zero Trust, and audit requirements
Privilege & Access Governance Alignment
- Support privilege modelling to distinguish standard access from elevated and administrative privileges
- Align RBAC roles with PAM, IGA, and access review processes
- Ensure role definitions support certifications, recertification cycles, and access reviews
Stakeholder & Business Engagement
- Work closely with business owners, application owners, security, and IAM engineers to validate role definitions
- Facilitate workshops to map business activities - access needs - roles
- Act as the subject-matter expert for RBAC design decisions
Tooling, Integration & Automation Support
- Support implementation of RBAC within IGA platforms and IAM tooling (eg AD, Entra ID, cloud IAM, application connectors)
- Ensure roles are suitable for automated provisioning and de-provisioning via Joiner-Mover-Leaver processes
- Contribute to bulk role creation, modification, and decommissioning strategies
Documentation, Governance & Audit Readiness
- Maintain role catalogues, entitlement mappings, and ownership records
- Ensure traceability from business requirement role entitlement - system
- Support internal and external audits by providing clear, defensible RBAC documentation
Key Deliverables
- Enterprise RBAC role catalogue
- Role-to-entitlement and application mapping
- SoD and toxic combination matrices
- Role risk classification and ownership model
- Input to IAM policies, standards, and operating procedures
Skills & Experience
- Strong experience in IAM, RBAC, and access governance within regulated environments
- Practical knowledge of role mining, privilege modelling, and SoD design
- Experience working with Active Directory, Entra ID, cloud IAM, and enterprise applications
- Ability to translate business processes into access models
