Ville : Toronto

Catégorie : Strategy | Project & Program Management

Industrie : Financial/Banking

Employeur : RBC

What is the opportunity?

The Director of Product Management, EIAM – Authorization, is responsible for defining and executing the product strategy for RBC's Enterprise Identity and Access Management (EIAM) Authorization platform and capabilities. This role encompasses policy-driven access control, entitlement management, decision engines, and real-time authorization enforcement across enterprise applications. The Director will drive innovation in authorization technologies, including AI-enhanced policy engines and Just-In-Time (JIT) access models, to enable secure, compliant, and frictionless access decisions at scale.

Authorization is the critical enforcement point where identity decisions translate into business and security outcomes. This role shapes how RBC makes access decisions in real-time, balances security with business agility, and ensures compliance at scale. You'll lead the evolution from static, role-based access to dynamic, risk-informed, AI-enhanced authorization that protects the organization while enabling business velocity.

What will you do?

Authorization Platform Product Management 

• Own end-to-end product strategy and roadmap for authorization capabilities: policy engines, entitlement management, access decision frameworks, and real-time enforcement 

• Define authorization patterns and standards (ABAC, RBAC, attribute-based policy models) that scale across RBC's diverse application ecosystem 

• Lead requirements definition for policy information points (PIPs) and policy decision points (PDPs) enabling dynamic, risk-informed access decisions 

• Establish authorization best practices, frameworks, and guardrails aligned with Zero Trust Architecture principles 

Risk-Informed Authorization Strategy 

• Integrate identity risk scoring, HR performance data, and critical application sensitivity into real-time authorization decisions 

• Define product requirements for JIT access models that shift from standing access to time-limited, context-aware provisioning 

• Develop authorization policies that evolve based on risk signals (anomalous behavior, policy violations, regulatory triggers) 

• Establish audit, logging, and compliance reporting capabilities for all authorization decisions and policy enforcement 

Policy & Compliance Management 

• Drive authorization policy harmonization across lines of business, reducing inconsistency and risk exposure 

• Ensure authorization capabilities meet regulatory requirements (FRB, Part 30, OSFI, SOX, GLBA) 

• Define separation of duties (SoD), conflict of interest (CoI), and policy violation detection and remediation workflows 

• Establish compliance monitoring and 3LOD independent review processes for authorization controls 

Enterprise Integration & Standardization 

• Define integration patterns for authorization across applications, APIs, microservices, and cloud environments 

• Lead standardization of authorization frameworks to reduce application sprawl and inconsistent access control implementations 

• Develop product requirements for API-first authorization services enabling ease of adoption by application teams 

• Collaborate with architecture and infrastructure teams to embed authorization enforcement at scale 

AI-Enhanced Authorization 

• Define requirements for AI/ML capabilities in authorization: intelligent policy recommendations, anomaly detection, access pattern analysis 

• Establish governance frameworks for AI-driven authorization decisions, including explainability and audit capabilities 

• Develop use cases for Agentic AI in policy optimization, entitlement analytics, and access review automation 

• Ensure responsible AI principles are embedded in authorization product enhancements 

Cross-Functional Leadership 

• Lead product management working groups with Engineering, Architecture, Security, Compliance, and Application Teams 

• Communicate authorization strategy and product roadmap to executive sponsors and business leaders 

• Manage relationships with application owners, security teams, and compliance stakeholders 

• Mentor product management team members on authorization strategy and best practices 

What do you need to succeed?

Must-have

• 12+ years in product management or technical leadership, with minimum 7 years in Identity and Access Management (IAM), Authorization, or Access Control systems 
• 5+ years of hands-on experience designing or implementing authorization platforms (policy engines, entitlement management, access control frameworks) 
• Deep expertise in authorization technologies: RBAC, ABAC, XACML, OAuth 2.0, SAML, API security, and policy-driven access control 
• Strong understanding of enterprise security architecture, Zero Trust models, and least-privilege principles 
• Proven experience translating business and compliance requirements into authorization policy frameworks 
• Demonstrated ability to lead cross-functional teams in complex, regulated environments (banking/financial services preferred) 
• Proficiency with agile product delivery and automation frameworks 

Nice-to-have

• Experience with policy information points (PIPs), policy decision points (PDPs), and policy engines (e.g., AWS IAM, Azure RBAC, custom policy engines) 
• Background in cybersecurity, GRC (Governance, Risk, Compliance), or identity governance 
• Knowledge of financial services regulatory requirements (FRB, Part 30, OSFI, Basel, SOX) 
• Familiarity with Just-In-Time Access (JIT), Privileged Access Management (PAM), and identity risk scoring 
• Experience with microservices architecture, API security, and cloud authorization models 
• Track record with AI/ML applications in security and access control 
• Knowledge of RBC's technology stack or similar enterprise banking platforms 

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing, and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference to our communities, and achieving success that is mutual.

• A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
• Leaders who support your development through coaching and managing opportunities
• Ability to make a difference and lasting impact
• Work in a dynamic, collaborative, progressive, and high-performing team
• Flexible work/life balance options
• Opportunities to do challenging work
• Opportunities to take on progressively greater accountabilities  
• Access to a variety of job opportunities across business

#LI-POST

#TECHPJ

Job Skills

Agile Methodology, Agile Product Development, Change Management, Coaching Others, Communication, Decision Making, Long Term Planning, Software Product Management, Software Quality Assurance (SQA), Time Management

Additional Job Details

RBC CENTRE, 155 WELLINGTON ST W:TORONTOTorontoCanada37.5Full timeTECHNOLOGY AND OPERATIONSRegularSalaried2026-04-172026-05-22

Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above

Our Employment Opportunities

At RBC, we are guided by living shared values of Client First, Integrity, Collaboration, Respect and Excellence and winning together as One RBC. We believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.

RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail.