Senior Identity & Access Management (IAM) Specialist

Société Générale - Montréal, QC (30+ days ago)

Apply Now

The Identity & Access Management (IAM) Specialist for Société Générale is responsible for delivery of global IAM missions in the Americas region to ensure that security controls are functioning efficiently and effectively. This position also supports the DCS team in doing security research and development, product evaluations, consulting, project support, and other operational activities needed to support the overall IAM program and strategy. The position provides business and security expertise to establish and implement IAM policies, frameworks, standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various stakeholders such as Information Technology, the risk functions, Internal Audit, and the business.


Operational Planning & Management

Support all activities performed by the IAM team associated with the deployment and maintenance of all IAM solutions, policies, processes, and procedures

Develop and execute global and regional IAM solutions including: User Certification and Compliance, Single-Sign On (SSO), Provisioning/De-provisioning, Privileged User Management, Biometric, Role Based Access Control (RBAC) entitlement and provisioning, and authentication (proof of user identities)

Ensure IAM solutions are providing the necessary security controls; and provide recommendations on how to enhance security controls in case of gaps

Contribute to development of the regional IAM security roadmap, policies, standards, procedures, and guidelines that will assist Information Technology in integrating IAM requirements within existing and new applications and systems

Develop/maintain a regional RBAC program to streamline provisioning/deprovisioning processes and ensure compliance with regulatory requirements, best practices, and the bank’s policies

Evaluate and participate in outsourcing initiatives and/or third-party processing

Provide understanding of IAM and influence Application Development teams in integrating IAM security at the design and development phase (e.g. through practical training sessions, in-house security certifications, etc.)

Contribute to the technical understanding and promotion of new and existing information security standards, solutions and tools with respect to IAM

Engineer and optimize technical solutions and processes for monitoring the security posture of the bank with regards to IAM

Security Risk Management

Develop security policies, standards, risk/threat models, procedures, and guidelines that will assist the IT Department and lines of business in integrating security requirements within their networks, systems, applications and databases

Manage the IAM aspect of various audits, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various lines of business and IT

Partner with DCS Management to build an integrated end-to-end security risk and compliance framework to protect the bank’s information assets and supporting resources

Influence the promotion and understanding of new and existing information security standards, solutions and tools with respect to IAM

Advocate and promote informational security awareness, education and training programs to promote the knowledge of information security issues throughout all areas of the organization

Using the current security risk management framework, ensure that all IAM activities are completed timely and with the utmost quality

Provide test results, recommendations and remediation plans

Identify areas that would benefit Internal Audit, External Audit and other regulators to enable them to streamline their audit activities and leverage IAM tools and processes

Incident Management

Support DCS with regards to access-related incidents and/or investigations

Research & Development

Provide functional/technical briefings to the CISO and other key stakeholders such as the CIO, CTO, etc. on current security issues; contributing to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the CISO

Provide R&D and consulting support to DCS, IT and business projects as needed

Evaluate and participate in outsourcing and/or third-party initiatives that would outsource data processing and management

Documentation, Reporting & Analytics

Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyzing trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; reporting security metrics and statistics to the CISO and other key stakeholders such as the CIO, CTO, etc.

Document and follow-up on security exceptions relating to IT and business activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures

Secure all SOC requirements with regards to IAM metrics and ensure that metrics are gathered on a regular basis

Manage all IAM metrics for various CISO dashboards and other reporting requirements

Prepare project plans, status reports, and other management metrics as needed

Organizational Planning and Management

Coordinate projects with IT and lines of business for projects internal to DCS

Assist with general administrative activities in collaboration with all team members

Assist with the management of vendors' activities and relationships as needed including SOWs, maintenance renewals, licensing updates, etc.

All our positions are open to people with disabilities

Profile Required
Professional Experience, Education and Certifications

5-7 years related business experience

Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required

Certified training in security management, risk and compliance solutions and practices (e.g. CISSP, CISM, or CISA or related certification(s))

Knowledge of US Security regulatory requirements and environment in financial services industry a plus (i.e. FFIEC)

Experience working in a global / international environment with a broad range of policies and procedures


Working knowledge of process engineering and technical requirements generation in the user environment

Experience with current concepts in project risk assessment, metrics generation and analysis and risk management

Knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches

Technical/Functional knowledge of business processes and procedures and underlying technical workings of support system


Exceptional communication skills - both verbal and written

Detail-oriented and organized

Break down complex problems into manageable units, develop solutions for each unit, and integrate them back into the whole.

Absorb new ideas quickly and then apply them pragmatically

Identifies key or underlying issues in complex situations

Assess the situation by identifying patterns or connections which are not obviously related

Capable of adjusting to new environments and work effectively in varied situations

Set goals and priorities that maximize the use of available resources

Team-oriented, client-focused and open to different ideas/viewpoints

Self-awareness of own behavior/work style, as well as tolerant of different needs and viewpoints

Interest in others’ opinions and shows consideration, concern and respect for other people


Business Insight
Data & Cyber Security (DCS) is globally responsible for securing and steering Information Security and Cybersecurity related risks for the Global Banking and Investor Solutions (GBIS) division and related Service Units. DCS is composed of diverse and talented professionals who translate ideas into action daily by combining the strength of its expertise with a deep understanding of GBIS and Service Unit needs.

DCS’s responsibilities cover the management of Information Security and Cybersecurity

frameworks and revolve around five areas of expertise – Identification, Protection, Detection, Response, and Recovery.

Within DCS, the Identity & Access Management team focuses on four key missions:

Identity & Access Governance

Recertification Campaigns

Product Ownership for IAM Tools

Controls Execution

DCS achieves this while promoting a collaborative, innovative, diverse and fun environment for its Information Security and Cybersecurity professionals.

Job code: 19000PC6
Business unit: SG CIB
Starting date: 02/12/2019
Date of publication: 05/10/2019