Identity & Access Management Analyst

Permanent contract|Montreal|Information Technology

Identity & Access Management Analyst

Montreal, Canada Permanent contract Information Technology


The Identity & Access Management (IAM) Analyst for Société Générale is responsible for the delivery of IAM missions in the Americas region to ensure security controls are functioning both effectively and efficiently. This position requires hands-on engagement as a security analysis and demands strong collaboration with global contributors at all levels of the organization. The role also requires the candidate to manage all aspects of their projects, lead contributors from globally distributed teams, and to regularly communicate updates to senior management.

The ideal candidate will have a solid understanding of IAM principles, security best practices (e.g. NIST, ISO), and key regulations applicable to a global financial services organization (e.g. NYDFS 500, GDPR).

Essential competencies include highly proactive and autonomous engagement, strong communication capabilities at all levels of the organization, and ability to influence without authority at both the regional and global level.

As a member of the global Data & Cyber Security (DCS) team, the candidate will focus on driving global transformational IAM initiatives supporting business operations in the Americas region. Candidate will be involved in all facets of security analysis and project management with key responsibilities being:

  • Independently develop project plans and drive initiatives through their full lifecycle
  • Perform policy, process and data analysis to assess requirements and identify control gaps
  • Define and implement solutions to align controls with defined risk tolerances
  • Ensure solutions are strategically aligned, regulatorily compliant, sustainable, and make efficient use of organizational resources
  • Propose and secure support for both tactical and strategic risk mitigation recommendations
  • Lead coalition of project contributors from the global infrastructure, IT, and business teams
  • Provide continuous project status updates to sponsors, stakeholders, and senior management
  • Collaborate with DCS GRC, risk team, and auditors/regulators in risk assessment and mitigation
  • Establish and maintain strong levels of trust with both regional and global partners

Profile required

Knowledge & Experience

  • 7-10 years of experience in information security, identity & acess management and related security practices

  • Strong communication, analytical, problem solving, and project management skills

  • Ability to effectively influence without authority

  • Experience working in a global context with a broad range of policies and procedures

  • Experience working with oversight teams (e.g. 2LOD, 3LOD) and external auditors/regulators

  • Proficiency with CyberArk, SailPoint, and MS Office suite (Excel, PowerPoint, Word)

  • Experience with implementation of IAM controls on the public cloud

  • Strong understanding of computer disciplines such as application and data security, systems programming, systems design, computer technology or software disciplines

  • Understanding of security regulatory requirements (e.g. NYDFS 500, GDPR), and industry frameworks/best practices (e.g. FFIEC, NIST, ISO)

  • French language skills (preferred)


  • Bachelors degree in Information Security, Computer Science or a related concentration
  • CISSP, CCSP, CCSK, CISM or related certification(s) required
  • Certified training in information security solutions and practices

Business insight

Data & Cyber Security (DCS) is globally responsible for securing and steering Information Security and Cybersecurity related risks for the Global Banking and Investor Solutions (GBIS) division and related Service Units. DCS is composed of diverse and talented professionals who translate ideas into action daily by combining the strength of its expertise with a deep understanding of GBIS and Service Unit needs.

DCS’s responsibilities cover the management of Information Security and Cybersecurityframeworks and revolve around five areas of expertise – Identification, Protection, Detection, Response, and Recovery.

Within DCS, the Identity & Access Management team focuses on four key missions:

  • Identity & Access Governance

  • Recertification Campaigns

  • Product Ownership for IAM Tools

  • Controls Execution

DCS achieves this while promoting a collaborative, innovative, diverse and fun environment for its Information Security and Cybersecurity professionals.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Reference: 21000HFS
Entity: SG CIB
Starting date: 2021/06/28
Publication date: 2021/05/28