IT Security Analyst

Overview

CWM Job Posting Title: IT Security Analyst - 4
Location: Remote (office days on manager request)
Contract Duration: 12 months
Extension: Possible (6 months)
Conversion to FTE: Possible
Number of Positions: 1
Scheduled Hours: Monday to Friday, 9am-5pm

Story Behind the Need

• Business Group: The IAM Governance team is looking for a resource with previous SailPoint expertise to help move the organization’s IAM access governance strategy forward. The Global Identity & Access Management (GIAM), Governance Team is responsible for the governance of established security controls pertaining to Identity and Access. Our IAM Governance and Control teams work closely with operations teams to ensure our controls are in place and remediated by operations teams to reduce risks to our Bank.

• Project: Seeking an IT security analyst to work within the IAM Governance and Control Team. They would be responsible for supporting the achievement of the Bank’s information security objectives of integrity, confidentiality/privacy, and continuity by ensuring Logical Access is effectively governed for the Enterprise. They will provide oversight for access management through various controls (certifications, privileged access, toxic combinations (i.e. SoD) etc.) across applications and platforms.

• Rationale for hire: Backfilling parental leave for two resources. We require Contractors to help with the Governance work (e.g. KPI/KRI dashboards) and assist with various streams of remediation required to address systemic issues with IAM Governance.

Candidate Value Proposition

The successful candidate will have the opportunity to work within Scotiabank. We are technology partners who help the business transform how our employees around the world work. You will get to work with and learn from diverse industry leaders, who have hailed from top technology. We also have an inclusive and collaborative working environment that encourages creativity, curiosity, and celebrates success!

Typical Day in Role

• Enjoy working in a positive environment with highly motivated individuals that want to reduce the risks within the bank.
• Run the directives & standards function that defines and drives adoption of IAM directives, standards, framework(s), and guidelines.
• Run the monitoring & reporting function that defines and KPIs/KRIs, monitors compliance and manages exceptions.
• Run the Operational Processes and Procedures Maintenance function that defines and maintains operations processes.
• Run project advisory function that provides project and rules/roles advisory.
• Analyze data and access processes and procedures to deliver recommendations for greater efficiency by building process(es) to reduce operational risks.
• Create and contribute to specific analytics and reporting goals, in support of the overall success of Global Identity and Access Management (GIAM) business strategies.
• Managing and/or conducting detailed, risk-based evaluations of the design and operating effectiveness of Information Technology (IT) controls.
• Gather evidence and respond to various audit, compliance, and IT risk teams to remediate risk-related issues.
• Excel in relationship building (internal / external GIAM) and work with various teams to assist in completion of all certifications across the enterprise.
• Look for continuous improvements to maximize automation where possible and reduce manual efforts in all processes and procedures within the team, while considering and evaluating the bank’s risk appetite and risk culture.
• Perform required tasks for access governance functions; tasks relevant to Identity & Access Governance including access certification, communication, and documentation of operational processes and procedures, etc.
• Demonstrate personal accountability for assigned projects, initiatives, and daily processes.

Candidate Requirements / Must-Have Skills

• 1) 2+ years of IAM experience
• 2) 8+ years of progressive experience with IT Security/Cyber security/ Data analysis
• 3) Recent experience using SailPoint
• 4) Information Security background including an understanding of the security best practices, standards and methodologies
• 5) Good understanding of various tools/platforms (i.e.: Google Cloud Platform, Centrify, CyberArk, Active Directory, UNIX-flavor systems and/or LDAP)

Nice to Have Skills

• Experience in Power BI
• Technical designation is considered an asset (e.g., CompTIA Security+, CISSP); Fluency in Spanish is considered an asset

Soft Skills

• Superior written and oral communication skills; ability to express complex thoughts clearly, know how to listen and contribute to a team environment.
• Strategic thinker, leader, and high achiever.
• Work successfully in a matrixed IT and business team environment.
• Detail oriented, results driven individual.
• Prioritize tasks to meet deadlines and deliver measurable results.
• Experience building and leading a high performing team and establishing strong working relationships with business partners.
• Build teams, mentor team members, identify process improvements, and lead enterprise-wide security initiatives.
• Excellent organizational skills and the ability to manage multiple intake channels efficiently.
• Competent to work on complex projects independently.

Education

• Bachelor\'s degree in a technical field such as computer science, computer engineering or related field required (considered an asset but not necessary). Best vs. Average: Ideal candidate will have strong experience in Power BI, experience in IAM controls, have dealt with audit and governance related tasks.

Candidate Review & Selection

• 1st round interview – hiring manager + colleague (30 minutes) – Ms teams

• 2nd round interview –director (30 minutes) – Ms teams