Director of Product Management, EIAM – Authorization (Global Security)

Job Description

Job Description What is the opportunity? The Director of Product Management, EIAM – Authorization, is responsible for defining and executing the product strategy for RBC's Enterprise Identity and Access Management (EIAM) Authorization platform and capabilities. This role encompasses policy-driven access control, entitlement management, decision engines, and real-time authorization enforcement across enterprise applications. The Director will drive innovation in authorization technologies, including AI-enhanced policy engines and Just-In-Time (JIT) access models, to enable secure, compliant, and frictionless access decisions at scale. Authorization is the critical enforcement point where identity decisions translate into business and security outcomes. This role shapes how RBC makes access decisions in real-time, balances security with business agility, and ensures compliance at scale. You'll lead the evolution from static, role-based access to dynamic, risk-informed, AI-enhanced authorization that protects the organization while enabling business velocity. What will you do? Authorization Platform Product Management Own end-to-end product strategy and roadmap for authorization capabilities: policy engines, entitlement management, access decision frameworks, and real-time enforcement Define authorization patterns and standards (ABAC, RBAC, attribute-based policy models) that scale across RBC's diverse application ecosystem Lead requirements definition for policy information points (PIPs) and policy decision points (PDPs) enabling dynamic, risk-informed access decisions Establish authorization best practices, frameworks, and guardrails aligned with Zero Trust Architecture principles Risk-Informed Authorization Strategy Integrate identity risk scoring, HR performance data, and critical application sensitivity into real-time authorization decisions Define product requirements for JIT access models that shift from standing access to time-limited, context-aware provisioning Develop authorization policies that evolve based on risk signals (anomalous behavior, policy violations, regulatory triggers) Establish audit, logging, and compliance reporting capabilities for all authorization decisions and policy enforcement Policy & Compliance Management Drive authorization policy harmonization across lines of business, reducing inconsistency and risk exposure Ensure authorization capabilities meet regulatory requirements (FRB, Part 30, OSFI, SOX, GLBA) Define separation of duties (SoD), conflict of interest (CoI), and policy violation detection and remediation workflows Establish compliance monitoring and 3LOD independent review processes for authorization controls Enterprise Integration & Standardization Define integration patterns for authorization across applications, APIs, microservices, and cloud environments Lead standardization of authorization frameworks to reduce application sprawl and inconsistent access control implementations Develop product requirem

Required Skills