Sr. Cybersecurity Specialist, Identity Access Management

at  EDC

Posting Date: Nov 8, 2024, 1:07:56 PM
Primary Location: Ontario-Ottawa
Job Type: Permanent
Schedule: Full-time
Export Development Canada (EDC) is a financial Crown corporation dedicated to helping Canadian businesses make an impact at home and abroad. EDC offers financial products and knowledge to help Canadian businesses confidently enter new markets, reduce financial risk, and grow their business.
When you join our team, you’ll be helping Canadian businesses learn the endless possibilities that open to them through export and help bring their vision, passion, and innovation to the world. Your knowledge and expertise will support more than 25,000 Canadian businesses and their customers in as many as 200 markets worldwide. You’ll work amongst the best and brightest in an inclusive, collaborative environment that fosters professional development and success. And you’ll know that you’re making an impact every day – for businesses, for Canada and for the people you work with.
Are you ready to make an impact? Join EDC, recognized as a Top 100 and Top Family-Friendly Employer, as we take on the risk so Canadian businesses can take on the world. #LI-Hybrid

TEAM & JOB OVERVIEW

The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world, by seamlessly delivering secure and reliable digital experiences. Digital & Technology Solutions has set out to achieve the following objectives for EDC:

• Define, execute, and sustain the integrated technology target state, target data model and technology operations required to enable EDC’s 2030 business transformation.
• Establish and manage the rolling 3 Year Digital Roadmap that sequences the technology outcomes required to achieve the technology target state and facilitate its execution across all domains in the organization.
• Keep pace with industry trends and emerging technologies, ensuring EDC has access to the digital technology tools it needs to stay relevant in the market and grow Canadian global trade.
• Lead and ensure integrated digital, data, infrastructure, and cybersecurity implementations to create excellent customer, user, and employee experiences.

The Enterprise Information Security (EIS) team is seeking a Senior Cybersecurity Specialist to lead the Identity and Access Management (IAM) capability at EDC. Reporting to the EIS Director, this role will provide direction and guidance to development, specifications, and communication of IAM applications and architecture. It involves providing in-depth technical consultation to business units and IT management, aiding in the integration of information security requirements.
The successful candidate will be an expert in IAM capabilities and architecture strategies, supporting diverse user constituencies and applications in a hybrid, multi-cloud environment. This role influences stakeholders within the Security Risk Management and governance ecosystem, including internal and external resources, technology and application analysts, auditors, security engineering, operations, and other solution architects. Key activities include establishing IAM-related security policies, compliance reports, and integrating IAM within the security tool ecosystem.

These are some of the objectives for the IAM capabilities:

• Improve Architectural Agility and productivity: deliver capabilities faster, deploy independently at different rates, adapt to change, and utilize optimal technologies - more efficiently, reducing maintenance requirements.
• Enable the Business and improve user Experience: deploy technologies that provide efficient access to applications and services, empower end users, and facilitate collaboration, enhance UX through better UI capabilities, optimal technologies, increased reliability, improved performance, and enhanced interactions.
• Improve Security and Compliance: ensure the right access for the right user at the right time, designing solutions that implement protective and detective security controls and demonstrate policy compliance.

Key Responsibilities:

• Develop and Implement IAM Strategy: Create and maintain a 3-year roadmap covering Identity Access (IA), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) capabilities. Stay updated on emerging IAM technologies and trends, build a target state, and align with key stakeholders to implement the IAM roadmap that supports the EDC business context.
• Access Control Policies: Define, enable, and enforce access control policies to ensure secure and compliant access to systems and data. Implement Role-Based Access Control (RBAC) and Zero Trust Security models.
• Oversee IAM Technologies: define requirements, acceptance criteria and collaborate with platform product owners to manage the deployment, configuration, and maintenance of IAM technologies, including IGA, PAM, and Single Sign-On (SSO) solutions. Ensure timely and accurate updates to user access rights based on role changes, terminations, and other events.
• Support GRC Functions to conduct regular audits and assessments to ensure compliance with security policies and regulatory requirements. Review solutions and provide guidance to technology teams and third parties to ensure new and existing applications meet standards, utilizing RBAC and Zero Trust Security frameworks.
• Collaborate on Incident Response: Work closely with security operations and incident responders to support business and technology during IAM-related incidents.

Screening Criteria

• Undergraduate degree in Computer Science, Information Security, Management Information Systems, or a related discipline.
• Minimum 7 years of hands-on experience in information security.
• Minimum 3 years of experience in designing and implementing technologies for Identity Access Management (IAM) and Privileged Access Management (PAM).
• Strong domain knowledge of Active Directory (AD) management, including authentication, authorization, role-based access control (RBAC), single sign-on (SSO), password vaulting, and privileged session management for hybrid environments (on-premises and cloud).
• Hands-on experience with CyberArk, including Privileged Threat Analytics, Endpoint Manager, and Application Access Manager. Experience with IAM applications such as SailPoint IdentityIQ or related IAM platform solutions, and knowledge of RPA principles and deployment.
• Working knowledge of exerting control over elevated “privileged” access and permissions for users, accounts, processes, and systems across an IT environment.
• Exceptional skills in influencing and driving cross-functional teams, and delivering solutions in highly complex, dynamic, and nebulous environments.
• Excellent verbal and written communication, critical and strategic thinking, time management, priority planning, and interpersonal skills.

Assets

• Proven hands-on experience on IAM/IGA and PAM solutions and/or certification as following:
• SailPoint Certified IdentityNow Professional
• SailPoint Certified IdentityIQ Associate
• Microsoft Certified: Identity and Access Administrator Associate
• Certificed Identity and Access Manager (CIAM)
• CyberArk Certification: Sentry level (hands-on experience with CyberArk solutions, deployments, configurations) or advanced (CyberArk Delivery Engineer - CDE).
• Minimum of 3 years of experience implementing IAM programs, working, specifically in the finance industry.
• Minimum of 2 years of experience in Endpoint and Mobile Security, Email Security, Web Proxies, and Cloud (Azure).
• Working knowledge/experience with standard security frameworks such as NIST, ISO, and/or CIS.
• One or more security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security (CIS), CISM, CEH, CIIRT, CIRT, CERT, Security+.
• Bilingualism in both official languages (English & French).

• Develop and Implement IAM Strategy: Create and maintain a 3-year roadmap covering Identity Access (IA), Privileged Access Management (PAM), and Identity Governance and Administration (IGA) capabilities. Stay updated on emerging IAM technologies and trends, build a target state, and align with key stakeholders to implement the IAM roadmap that supports the EDC business context.
• Access Control Policies: Define, enable, and enforce access control policies to ensure secure and compliant access to systems and data. Implement Role-Based Access Control (RBAC) and Zero Trust Security models.
• Oversee IAM Technologies: define requirements, acceptance criteria and collaborate with platform product owners to manage the deployment, configuration, and maintenance of IAM technologies, including IGA, PAM, and Single Sign-On (SSO) solutions. Ensure timely and accurate updates to user access rights based on role changes, terminations, and other events.
• Support GRC Functions to conduct regular audits and assessments to ensure compliance with security policies and regulatory requirements. Review solutions and provide guidance to technology teams and third parties to ensure new and existing applications meet standards, utilizing RBAC and Zero Trust Security frameworks.
• Collaborate on Incident Response: Work closely with security operations and incident responders to support business and technology during IAM-related incidents