Senior Identity & Access Management (IAM) Specialist

Montreal, Canada   |   Permanent contract   |   Information Technology


The Identity & Access Management (IAM) Specialist for Société Générale is responsible for delivery of global IAM missions in the Americas region to ensure that security controls are functioning efficiently and effectively. This position also supports the DCS team in doing security research and development, product evaluations, consulting, project support, and other operational activities needed to support the overall IAM program and strategy. The position provides business and security expertise to establish and implement IAM policies, frameworks, standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various stakeholders such as Information Technology, the risk functions, Internal Audit, and the business.


Operational Planning & Management

  • Support all activities performed by the IAM team associated with the deployment and maintenance of all IAM solutions, policies, processes, and procedures

  • Develop and execute global and regional IAM solutions including: User Certification and Compliance, Single-Sign On (SSO), Provisioning/De-provisioning, Privileged User Management, Biometric, Role Based Access Control (RBAC) entitlement and provisioning, and authentication (proof of user identities)

  • Ensure IAM solutions are providing the necessary security controls; and provide recommendations on how to enhance security controls in case of gaps

  • Contribute to development of the regional IAM security roadmap, policies, standards, procedures, and guidelines that will assist Information Technology in integrating IAM requirements within existing and new applications and systems

  • Develop/maintain a regional RBAC program to streamline provisioning/deprovisioning processes and ensure compliance with regulatory requirements, best practices, and the bank’s policies

  • Evaluate and participate in outsourcing initiatives and/or third-party processing

  • Provide understanding of IAM and influence Application Development teams in integrating IAM security at the design and development phase (e.g. through practical training sessions, in-house security certifications, etc.)

  • Contribute to the technical understanding and promotion of new and existing information security standards, solutions and tools with respect to IAM

  • Engineer and optimize technical solutions and processes for monitoring the security posture of the bank with regard to IAM

Security Risk Management

  • Develop security policies, standards, risk/threat models, procedures, and guidelines that will assist the IT Department and lines of business in integrating security requirements within their networks, systems, applications and databases

  • Manage the IAM aspect of various audits, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various lines of business and IT

  • Partner with DCS Management to build an integrated end-to-end security risk and compliance framework to protect the bank’s information assets and supporting resources

  • Influence the promotion and understanding of new and existing information security standards, solutions and tools with respect to IAM

  • Advocate and promote information security awareness, education and training programs to promote the knowledge of information security issues throughout all areas of the organization

  • Using the current security risk management framework, ensure that all IAM activities are completed in a timely manner and with the utmost quality

  • Provide test results, recommendations and remediation plans

  • Identify areas that would benefit Internal Audit, External Audit and other regulators to enable them to streamline their audit activities and leverage IAM tools and processes

Incident Management

  • Support DCS with regard to access-related incidents and/or investigations

Research & Development

  • Provide functional/technical briefings to the CISO and other key stakeholders such as the CIO, CTO, etc. on current security issues; contributing to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the CISO

  • Provide R&D and consulting support to DCS, IT and business projects as needed

  • Evaluate and participate in outsourcing and/or third-party initiatives that would outsource data processing and management

Documentation, Reporting & Analytics

  • Contribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyzing trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; reporting security metrics and statistics to the CISO and other key stakeholders such as the CIO, CTO, etc.

  • Document and follow up on security exceptions relating to IT and business activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures

  • Secure all SOC requirements with regard to IAM metrics and ensure that metrics are gathered on a regular basis

  • Manage all IAM metrics for various CISO dashboards and other reporting requirements

  • Prepare project plans, status reports, and other management metrics as needed

Organizational Planning and Management

  • Coordinate projects with IT and lines of business for projects internal to DCS

  • Assist with general administrative activities in collaboration with all team members

  • Assist with the management of vendors' activities and relationships as needed including SOWs, maintenance renewals, licensing updates, etc.

Profile Required

Professional Experience, Education and Certifications

  • 5-7 years related business experience

  • Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required

  • Certified training in security management, risk and compliance solutions and practices (e.g. CISSP, CISM, or CISA or related certification(s))

  • Knowledge of US Security regulatory requirements and environment in financial services industry a plus (i.e. FFIEC)

  • Experience working in a global / international environment with a broad range of policies and procedures



  • Exceptional communication skills - both verbal and written

  • Detail-oriented and organized

  • Break down complex problems into manageable units, develop solutions for each unit, and integrate them back into the whole

  • Absorb new ideas quickly and then apply them pragmatically

  • Identify key or underlying issues in complex situations

  • Assess the situation by identifying patterns or connections which are not obviously related

  • Capable of adjusting to new environments and working effectively in varied situations

  • Set goals and priorities that maximize the use of available resources

  • Team-oriented, client-focused and open to different ideas/viewpoints

  • Self-aware of own behavior/work style, as well as tolerant of different needs and viewpoints

  • Interested in others’ opinions and shows consideration, concern and respect for other people


Business Insight

Data & Cyber Security (DCS) is globally responsible for securing and steering Information Security and Cybersecurity related risks for the Global Banking and Investor Solutions (GBIS) division and related Service Units. DCS is composed of diverse and talented professionals who translate ideas into action daily by combining the strength of its expertise with a deep understanding of GBIS and Service Unit needs.

DCS’s responsibilities cover the management of Information Security and Cybersecurity frameworks and revolve around five areas of expertise – Identification, Protection, Detection, Response, and Recovery.

Within DCS, the Identity & Access Management team focuses on four key missions:

  • Identity & Access Governance

  • Recertification Campaigns

  • Product Ownership for IAM Tools

  • Controls Execution

DCS achieves this while promoting a collaborative, innovative, diverse and fun environment for its Information Security and Cybersecurity professionals.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 19000PC6
Business unit: SG CIB
Starting date: Immediate
Date of publication: 15/01/2020