Technology Director

Wells Fargo - Iselin, NJ

Job Description

About this role:

Wells Fargo is seeking a Technical Director in Cybersecurity as part of Identity Access Management. Learn more about career areas and business divisions at wellsfargojobs.com.

This role will serve as Head of Identity and Access Management Architecture to define, lead, and govern the enterprise-wide Identity Security architecture. This role serves as the chief architect, strategic owner, and technical authority across all identity domains, including Access Management, IAM, PAM, IGA, Zero Trust, Directory Services, Cloud Identity, CIEM, Secrets & Certificates, Machine/Workload Identity, Workforce & Customer IAM, Identity Threat Detection, and AI-driven automation.

This leader owns the end-to-end identity architecture strategy, establishes enterprise standards and guardrails, and partners with product, engineering and operational teams in delivering secure, scalable, and compliant identity capabilities. In alignment with key partners, this leader ensures identity becomes a unified, modern, cloud-aligned ecosystem that supports regulatory expectations, business agility, Zero Trust maturity, automation, and long-term innovation.

This is a hands-on, deeply technical, forward-looking architectural leadership role: not governance-only, not advisory, and not purely managerial.

Key Responsibilities include, but are not limited to:

Enterprise Identity Architecture Leadership
  • Serve as the principal architect and final decision-maker for all Identity Security standards, patterns, and target-state architectures.
  • Lead the Enterprise Identity Architecture & Governance Council, approving identity designs and technology decisions across the enterprise.
  • In alignment with key partners, define the enterprise-wide identity strategy and multi-year modernization roadmap spanning workforce, customer, cloud, machine, and privileged identities.
  • Ensure identity architecture is the source of truth for what is built and how it functions; product and engineering execute according to architectural guidance.

Access Management (AM) Architecture
  • Own architecture for authentication, authorization, federation, and session security across all applications, APIs, SaaS platforms, and cloud workloads.
  • Govern standards for OIDC, OAuth2, SAML, SCIM, adaptive access, passwordless authentication, token lifecycle, and continuous access evaluation.
  • Define authorization models (RBAC, ABAC, PBAC, policy-as-code) and centralized authorization services.
  • Establish onboarding patterns for applications, APIs, and services: claims, scopes, tokens, PEP/PDP integrations, enforcement points.
  • Integrate Access Management with IGA, PAM, CIEM, and Zero Trust decision engines.

Privileged Access Management (PAM) Architecture
  • Serve as the enterprise authority for privileged identity control across infrastructure, cloud, applications, and databases.
  • Architect CyberArk, BeyondTrust, Conjur, cloud-native PAM (Azure PIM, AWS IAM roles), and privileged session monitoring.
  • Define patterns for vaulting, credential rotation, JIT elevation, ephemeral privileged access, break-glass, and session capture.
  • Establish governance for service accounts, machine identities, and non-human privileged credentials, including discovery, lifecycle, and rotation.
  • Drive integration of PAM telemetry into SIEM, UEBA, CIEM, and ITDR frameworks for real-time privilege misuse detection.
  • Ensure PAM architecture meets OCC, FRB, FDIC, and SOX expectations for high-risk controls.

Identity Governance & Administration (IGA)
  • Own architecture for SailPoint, Saviynt, and enterprise lifecycle engines.
  • Define JML flows, access modeling, separation-of-duties (SoD), entitlement schemas, access certification, and automated governance.
  • Establish authoritative source strategy, attribute governance, and access approval workflows aligned with Zero Trust and least privilege principles.

IAM / Workforce Identity
  • Architect workforce SSO, MFA, password-less, continuous access, conditional access, and hybrid identity patterns across Entra/Azure AD and legacy directories.
  • Oversee modernization and consolidation of domain architectures, forests, trusts, and synchronization schemas.

Cloud Identity & CIEM
  • Define identity and access patterns across Azure, AWS, and GCP, including workload identity, cloud-native roles, identity federation, and resource-based policies.
  • Own CIEM strategy, ensuring cloud entitlement reduction, remediation automation, and unified cloud identity visibility.
  • Architect workload identity with managed identities, IRSA, service principals, and token-based trust for microservices and containers.

Machine & Workload Identity, Secrets & Certificate
  • Architect lifecycle governance for non-human identities across applications, services, APIs, Kubernetes, and serverless workloads.
  • Govern enterprise platforms such as SPIFFE/SPIRE, HashiCorp Vault, CyberArk Conjur, Azure Key Vault, AWS Secrets Manager.
  • Own certificate lifecycle automation, short-lived certificates, mutual TLS patterns, and enterprise PKI modernization.
  • Define enforcement of identity hygiene, rotation standards, and automated credential issuance.

Zero Trust Identity Architecture
  • Lead identity as the control plane for Zero Trust.
  • Architect continuous evaluation of identity, device, network, and behavioral signals.
  • Define integration of identity telemetry with network, endpoint, cloud, and application layers.
  • Own adaptive MFA, risk-based authorization, context scoring, and per-request identity verification.

Identity Threat Detection & Response (ITDR)
  • Architect identity-centric threat detection across IAM, PAM, IGA, cloud IAM, CIEM, and directories.
  • Define identity threat use cases: anomalous logins, lateral movement, privilege escalation, machine identity compromise, etc.
  • Integrate identity telemetry with SIEM, UEBA, SOAR, and detection engineering programs.
  • Deploy honeytokens, identity deception patterns, and privileged canaries for early threat detection.

SaaS & Third-Party App Integration
  • Define SSO/SCIM onboarding patterns for SaaS and external applications.
  • Establish guardrails for shadow IT discovery and integration into enterprise identity flows.
  • Ensure third-party integrations support centralized lifecycle control, role mapping, monitoring, and compliance.

M&A, Legacy Integration, & Major Programs
  • Own identity integration strategy for acquisitions, divestitures, and large platform transformation initiatives.
  • Define transitional architectures, coexistence patterns, and integration guardrails for legacy systems.
  • Ensure all new programs align with the enterprise identity architecture from inception.

Identity-As-Code, Automation & DevSecOps
  • Lead automation of lifecycle, governance, and access controls through API-first patterns, infra-as-code, and identity-as-code.
  • Embed identity into CI/CD pipelines with continuous policy enforcement, automated compliance checks, and access drift prevention.
  • Replace legacy RPA and manual provisioning with orchestrated, event-driven identity flows.

Identity Data Architecture & Telemetry
  • Define identity data strategy: authoritative sources, lineage, schema governance, metadata, identity graphs, and telemetry pipelines.
  • Implement unified identity visibility and analytics across human and machine identities.
  • Ensure identity data quality and consistency across enterprise platforms.

Resilience, DR, and Continuity for Identity
  • Define HA, DR, and continuity architecture for IAM, PAM, IGA, directories, vaults, and CIAM.
  • Ensure critical identity services are resilient, geopresent, and compliant with business RTO/RPO requirements.
  • Lead enterprise exercises validating identity availability during crises and disasters.

Security, Risk & Regulatory Alignment
  • Ensure identity architectures exceed expectations from OCC, FRB, FDIC, SOX, and internal audit bodies.
  • Serve as the senior technical authority during regulatory exams, audits, and risk committee reviews.
  • Architect proactive controls and automation that reduce manual burden and audit findings.

Cross-Functional Leadership & Influence
  • Direct product, engineering, and operations teams on identity architecture implementation.
  • Partner across cybersecurity, cloud architecture, infrastructure, data, and application teams.
  • Represent identity in executive forums, strategy councils, and enterprise steering committees.
  • Lead a high-performance identity architecture team responsible for design authority, standards, and innovation.

What Success Looks Like
  • A unified, modern, automated identity ecosystem with minimized risk and friction.
  • All application and cloud teams building to your architectural guardrails.
  • Reduced audit findings and improved regulatory posture.
  • Workforce, customer, cloud, and machine identities governed under a single strategic architecture.
  • Identity recognized as a strategic business enabler and core security control plane.

AI Identity Security
  • Serve as the enterprise architect for identity and access controls for AI and GenAI systems, including internally developed platforms and third-party/vendor AI services.
  • Define secure identity patterns for human-to-AI, AI-to-system, and AI-to-AI interactions, ensuring strong authentication, fine-grained authorization, least-privilege execution, and auditability.
  • Establish standards for AI service identities and autonomous agent identities, including scoped delegation, lifecycle governance, and human-in-the-loop controls for sensitive actions.
  • Architect and govern policy-based access controls for AI models, prompts, embeddings, datasets, and downstream system actions.
  • Provide architectural oversight and technical evaluation of AI identity-related platforms and third-party solutions, defining requirements and guardrails aligned with enterprise identity standards and Zero Trust.
  • Ensure AI identity telemetry integrates with IAM, PAM, IGA, CIEM, and identity threat detection to prevent misuse, privilege escalation, and unauthorized access.

Required Qualifications:
  • 8+ years of Technology Strategic Leadership experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 4+ years of management or leadership experience

Desired Qualifications:
  • 8+ years of technology engineering experience
  • Strong leadership and people management experience in a technology environment
  • 8+ years of experience leading a global organization through a transformation from a project-based organization to a Customer Journey and Product based organization based on Agile methodologies
  • 7+ years of application development and implementation experience
  • 5+ years of experience with strategic planning in technology
  • AI/ML experience applied to identity governance and automation.
  • Experience with OPA/Rego and policy-as-code systems.
  • Background in financial services or heavily regulated environments.
  • Familiarity with SABSA, TOGAF, Zero Trust frameworks.
  • Proven success driving enterprise-wide architectural adoption.

Locations:
  • 194 Wood Ave S, Iselin, NJ 08830

Posting Statements:
  • Job posting may come down early due to volume of applicants.
  • Required location(s) listed above.
  • Relocation assistance is not available for this position.
  • Salary range is determined by location of the job.
  • May be considered for a discretionary bonus, Restricted Share Rights, or other long-term incentive awards.
  • This position is not eligible for visa sponsorship.

Pay Range

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities.

$215,000.00 - $355,000.00

Benefits

Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.
  • Health benefits
  • 401(k) Plan
  • Paid time off
  • Disability benefits
  • Life insurance, critical illness insurance, and accident insurance
  • Parental leave
  • Critical caregiving leave
  • Discounts and savings
  • Commuter benefits
  • Tuition reimbursement
  • Scholarships for dependent children
  • Adoption reimbursement

Posting End Date: 12 Mar 2026

Job posting may come down early due to volume of applicants.

We Value Equal Opportunity

Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:
  a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
  b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.

Created: 2026-03-12
