The Identity and Access Governance Associate develops, implements, and enforces procedures to ensure that CA-CIB standards and policies for access to computer equipment and data are maintained and controlled effectively. Performs LEC (Local Entitlement Correspondent) function – designs and manages GRANT workflow as dictated by business needs. Responsible for HRM function – onboarding, off boarding and transfers.  Performs Periodic Entitlement Review.

• Develop and execute on controls related to identity and access management to detect, and misuse of privilege escalation, privileges, and incorrect access rights
• Develop metrics to report monthly on the Identity and Access Management Governance Program
• Maintain and update IAM related policies, procedures, and standards and adhere to these practices
• Analyze, design, and provide security solution in Identity Access
• Governance area as needed by company / requested by business
• Evolve the Identity Access Security function by continuous assessment of our risks, threats & vulnerabilities, related to access management
• Perform HRM/LEC function – On-boarding, off- boarding, transfer management of UT code – unique identifier
• Function as the Grant Local Entitlement Correspondent (LEC) for qualifying requests and controlling authorizations
• LEC: Design and manage GRANT workflow for Americas applications and IT platforms
• ECC: Perform periodic entitlement review. Support access reviews and compliance audits conducted by Internal Audit or 3rd parties.
• Support Continuous Monitoring Framework by effectively reporting the Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) on a periodic basis, and incorporating into the information security dashboard via the control plan
• Maintain identity and access governance tools and processes
  Comply with Head Office requirements and support Campaigns initiated by Paris
• Identify and remediate alerts related to tooling for Access Management
• Work closely with Cybersecurity, audit, compliance, legal, and stakeholders to define access policies, user roles, and access control procedures for our diverse technology and lines of business landscape
• Support team members by providing technical guidance and assist other ongoing engagements for resolving critical issues
• Investigate and troubleshoot complex technical issues, perform root-cause analysis for high severity issues, and provide permanent resolution
• Work with technology vendors as appropriate to resolve product issues, technology evaluations, and design reviews
• Assess and advise on modernizing IAM capabilities and methodologies, including development of strategies, readiness assessment, development of training and communications
• Operate as an advisor for our distributed IAM teams to help them elect the best solution for resolving identified or possible technical issues or security threats in the system/infrastructure
• Harness familiarity with IT security and risk management practices on risk migrants

Reporting

• Head of Identity and Access Governance functionally
• Head of IT Canada locally

Key Internal contacts

• Information Technology
• Information Systems Security
• Application Business Owners

Key External contacts

• Varonis (Vendor)

• Degree in information technology
• Advanced studies in information security (an asset)
• CISSP certification or equivalent (an asset)

• 3+ years in ISS  Identity and Access Governance or similar field
• Entitlement Review process management
• Privilege Access review process management
• Understanding and management of centralized access management systems
• Interaction with IT Teams and Business Users
• Interaction with internal and external Audit Teams and Regulators
• Understanding of IT Security Controls and Alert/Monitoring
   

• Verbal and written communication skills in English is required (You will need to service Anglophone clients and work with Anglophone colleagues)
• Verbal and written communication skills in French is considered a strong asset
• Ability to work in a team environment 
• Ability to work with internal and external stake holders 
• Ability to multitask 
• Strong presentation skills

• Powershell scripting – intermedia to advance level. Ability to automate tasks with PowerShell scripts, maintain current automated scripts
• Experience with Varonis Datadvantage tool. Ability to build new use cases and monitor existing alerts
• Understanding of staff movement (on board, /transfer/termination) process and related security tasks
• Role based access control
• Knowledge of Access Provisioning Systems (i.e. GRANT) 
• Entitlement Review Process
• Experience in Incident investigation and remediation
• Active Directory User and Computer management