Well, Access Management is fulfillment of Information Security Management policies. But, that doesn't mean that Information Security Management should keep ownership of the Access Management process. Reason is that Access Management is operational process. In the real life, it's rare that an organization has Access Management function. Usually, IT Operations Management performs tasks which belong in the domain of the Access Management, i.e. IT Operations Management should/could have ownership of the process.
Read the article:
"ITIL Access Management – where do you think you’re going?" https://advisera.com/20000academy/blog/2014/02/12/itil-access-management-think-youre-going/
to gain more information about Access Management.