Cyber Security Engineer

Job Title: Cybersecurity Engineer Level 3 (SECENG3) Duration:9 Months with possibility of extension Location: Montréal, QC H3A 2A6 Job Description: Business Overview: The US/Americas Information Security department covers the following areas: Identity & Access Management (IAM), Application Security, Third Party Security, Data Security & Cyber Defense. As part of the IAM team we ensure: The management of governance, risk, and controls for all CIB & Group IAM security requirements The support of internal and external audits, and regulatory exams The execution of all key IAM controls to ensure compliance with various regulatory & Group requirements Candidate Success Factors: Candidates are measured on the following four performance drivers, which will dictate how individual impact is considered on the Americas platform: Results and Impact Able to influence peers and team. Demonstrates good judgement when making decisions of high complexity and impact. Exercise appropriate autonomy in the execution and delivery of work. Responsible for driving outcomes, which have meaningful effect on team or department. Leadership and Collaboration: Creates trust with colleagues. Acts in leadership capacity for projects, processes, or programs. Client, Customer and Stakeholder Focus: Able to build relationships with a mix of colleagues and clients. Interacts regularly with management and department leaders. Demonstrates the ability to influence stakeholders at the team level. Compliance Culture and Conduct: Takes full responsibility for personal actions and demonstrates courage in facing problems and conflicts. Perceived as a person of high moral character; upholds corporate values and displays high ethical standards. Responsibilities: Develop and execute controls related to identity and access management Develop metrics to periodically report on the IAM governance program Maintain and update IAM related policies, procedures, and standards and adhere to these practices Analyze, design, and provide security solution(s)/recommendations on IAM Perform security and quality checks on new application onboardings and/or any updates being made to application metadata within the IGA tool Perform and support periodic access recertification campaigns Perform and/or support access reconciliation of applications as per the defined scope and frequency in the requirements Evolve the identity access security function by continuous assessment of risks, threats & vulnerabilities, related to access management Support compliance audits conducted by internal/external auditors and regulatory exams Support Continuous Monitoring Framework by effectively reporting Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) on a periodic basis, and incorporating in the Information Security dashboard (OpCo/SteerCo) Report and evidence executed controls in the dedicated tool to ensure L3 compliance as per the control plan Support team colleagues by assisting with other ongoing engagements in project mode, as and when needed Contribute to the overall GRC framework for IT & Cyber in the region Minimum Required Qualifications: Minimum 6 to 10 years of professional IT related work experience Minimum 4 years’ experience in Identity and Access Management including the areas of controls and governance Hands on functional experience with one or more major IAM /IGA platforms (e.g. SailPoint) Ability to multi-task and manage multiple projects & work streams in parallel Understands Controls, Control Gaps, and Action Plans Strong analytical and problem-solving skills Good written & verbal communication skills Preferred Qualifications: Bachelor’s degree in science or related field preferred Knowledge of IAM Security Practices, Regulatory Compliance (SOX, FFIEC and 17A5) Knowledge of provisioning, authentication and authorization technologies & standards Ability to create and run SQL scripts and knowledge of python would be beneficial Relevant certification such as CISSP, CIAM Certified