Job Title: IAM Consultant
Contract: Until October 8th, 2022
Job Description Summary:
The GFT/GD IT Information Security and Business Resilience Team is actively searching for an experienced Identity Access Management (IAM) Consultant, responsible for applying identity access security risk knowledge and expertise to assist with IT information security First Line of Defense activities to help strengthen Manulife's corporate segment information security posture and ensure regulatory compliance.
As an Identity and Access Management Consultant, you will:
~ Perform Server, Database, Application and Folder access reviews to ensure Separation of Duties and Least privileged accesses are enforced
~ Assess and onboard applications for regular access review
~ Help perform pre-access review activities
~ Help improve application access security practices
~ Advise management on access configuration risks
~ Respond to access security incidents
~ Manage access security related initiatives
~ Provide evidence to auditors and regulators demonstrating the effectiveness of our work
~ Provide guidance and advice on IAM best practices
Responsibilities:
1. Perform Access Security Baseline reviews to ensure that accesses to application and data are reviewed and signed off prior Production deployment.
2. Ensure Segregation/Separation of Duties (SOD) are enforced in application and data accesses to prevent unauthorized accesses and activities.
3. Work together with Business and Application Support stakeholders to understand the access framework of their applications and onboard these applications to be reviewed on an automated and regulated frequency.
4. Assist in performing pre-access review activities to ensure data integrity and accuracy prior to Access reviews.
5. Provide application access security consulting services to IT and other relevant partners/stakeholders.
6. Support operational security activities including oversight of ongoing segment specific access security processes (e.g., incident response, audit support, ad hoc queries, periodic access reviews)
7. Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and within information access security discipline.
Knowledge/Skills/Competencies/Education:
• University degree in Computer Science, Information Technology, Software Engineering, Business Administration or relevant educational and professional experience.
• Two years or more of experience working at an intermediate level role, or above, within a combination of relevant disciplines in the field of Identity and Access Management – can include Access provisioning/deprovisioning, Application Onboarding, Access Reviews)
• Strong requirements and data analytical, problem-solving skills and willingness to learn
• Ability to work independently and as part of a geographically diverse team, managing multiple priorities within tight deadlines and communicating primarily thought online collaboration tools (MS Teams, SharePoint, etc)s.
• Good verbal and written communication, facilitation, and interpersonal skills.
• Influence behavior to reduce risks and foster a strong information access security risk management culture.
• Experience within a combination of relevant technical disciplines in the field of Identity and Access Management
• Working knowledge and experience in the following areas:
• Access Controls implementation and audit
• Role Based Access Controls Models
• Privileged Accounts management and audit
• Identity Access Reviews
• Nice-to-have:
• SOX Audit experience
• Professional certification(s) in Identity and Access Management domain
• Project management designation.