Information Security Engineer III - Daily

IAM Specialist/ Cybersecurity Engineer Level 3/ Information Security Engineer III
Location: Montreal QC
Duration:6-9 month(s)

Business Overview:
The US/Americas Information Security department covers the following areas: Identity & Access Management (IAM), Application Security, Third Party Security, Data Security & Cyber Defense. As part of the IAM team we ensure:

• The management of governance, risk, and controls for all CIB & Group IAM security requirements

• The support of internal and external audits, and regulatory exams

• The execution of all key IAM controls to ensure compliance with various regulatory & Group requirements

Responsibilities:

• Develop and execute controls related to identity and access management

• Develop metrics to periodically report on the IAM governance program

• Maintain and update IAM related policies, procedures, and standards and adhere to these practices

• Analyze, design, and provide security solution(s)/recommendations on IAM

• Perform security and quality checks on new application onboardings and/or any updates being made to application metadata within the IGA tool

• Perform and support periodic access recertification campaigns

• Perform and/or support access reconciliation of applications as per the defined scope and frequency in the requirements

• Evolve the identity access security function by continuous assessment of risks, threats & vulnerabilities, related to access management

• Support compliance audits conducted by internal/external auditors and regulatory exams

• Support Continuous Monitoring Framework by effectively reporting Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) on a periodic basis, and incorporating in the Information Security dashboard (OpCo/SteerCo)

• Report and evidence executed controls in the dedicated tool to ensure L3 compliance as per the control plan

• Support team colleagues by assisting with other ongoing engagements in project mode, as and when needed

• Contribute to the overall GRC framework for IT & Cyber in the region

Minimum Required Qualifications:

• Minimum 6 to 10 years of professional IT related work experience

• Minimum 4 years' experience in Identity and Access Management including the areas of controls and governance

• Hands on functional experience with one or more major IAM /IGA platforms (e.g. SailPoint)

• Ability to multi-task and manage multiple projects & work streams in parallel

• Understands Controls, Control Gaps, and Action Plans

• Strong analytical and problem-solving skills

• Good written & verbal communication skills

Preferred Qualifications:

• Bachelor's degree in science or related field preferred

• Knowledge of IAM Security Practices, Regulatory Compliance (SOX, FFIEC and 17A5)

• Knowledge of provisioning, authentication and authorization technologies & standards

• Ability to create and run SQL scripts and knowledge of python would be beneficial

• Relevant certification such as CISSP, CIAM Certified