• Be the primary contact for all IAM-related inquiries during security investigations, incidents, and potential breaches. • Coordinate and orchestrate response activities across all IAM functions—including Identity Governance (IGA), Privileged Access Management (PAM), Authentication, and IAM Governance • Assist the CFC in identifying and containing threats by completing or directing IAM-related actions, such as account suspension, privilege revocation, session termination, and enforcement of step-up authentication. • Analyze threat intelligence and actor TTPs (Tactics, Techniques, and Procedures) to identify potential risks to the identity landscape. • Develop and refine IAM-centric detection use cases and queries for security monitoring systems (e.g., SIEM, UEBA) • Use insights to help inform IAM policies • Provide subject matter expertise to inform the design and implementation of IAM controls across the enterprise. • Help with the risk-based prioritization for First Line of Defense (LOD1) remediation efforts by providing context on active threats and vulnerabilities. • Develop formal plans and standard operating procedures (SOPs) for IAM's role in the incident response lifecycle. • Establish protocols and service level agreements (SLAs) between the IAM organization and the CFC. • Conduct post-incident reviews and contribute IAM-specific findings to root cause analysis reports.