IAM Manager, Information Security

First National is proud to be an equal opportunity employer and is committed to diversity and inclusion regardless of race, color, religion, national origin, age, gender identity, physical or mental disability, sexual orientation and any other category protected by law.

First National supports requests for accommodation from applicants with disabilities; please contact Human Resources at [email protected] should you need an accommodation at any point in the recruitment process.

We are hiring an IAM Manager, Information Security!

The Opportunity:

A strategic and integral member of the Information Security Team, reporting to the Senior Manager (GRC), Information Security, is responsible for ensuring the security, integrity, and availability of First National information assets.

The role will be responsible for the program management and continuous improvement of the IAM Security Program taking into consideration, its strategy, policies, processes, controls, assessments, reporting, metrics, training, and awareness. The role will be critical in guiding First National to protect the organization's digital assets and ensure secure access for authorized users while adhering to the Security frameworks and Zero-Trust principles.

This role requires the following skills:

• Specialized knowledge and experience in managing the Identity and Access Management program.
• Knowledge of Identity Access Management approaches, concepts, tools, techniques, and project management within the IAM realm.
• Development, maintenance and review of Information Security Policy, Standards, Processes and Procedures related to Identity and Access Management.
• Knowledge and understanding of current security standards and best practices, particularly ISO 27001.
• Effective and dynamic communicator.                                                                                                                                                                                                                                                         

How you will contribute:

• Responsible for setting up, developing, implementing, and continually improving an IAM program, to support the governance of access principles and to ensure high security standards & integrity of the company’s information systems/data.
• Design and implement IAM concepts and best practices such as, access & identity management, privileged accounts management, account types (e.g. B2C), access reviews, IAM lifecycle, etc.

• Design and implement the program across principles of RBAC, ABAC, PBAC, Segregation of duties, least privilege, etc.
• Identify gaps between existing processes, tools, and technologies and the desired future state, and develop prioritized recommendations to mitigate identified gaps.
• Spearhead the identification and selection of adequate and appropriate IAM tools.
• Develop a prioritized roadmap that outlines the steps and resources needed to deploy the necessary IAM Tools and processes.
• Lead implementation projects around IAM technologies and processes.
• Drive audit and compliance activities related to IAM by ensuring access controls are well-documented, aligned with regulatory requirements, and verifiable through regular access reviews, reporting, and evidence collection. Collaborate with internal and external auditors to support IAM-related audits and ensure timely remediation of findings.

Governance

• Assist in the drafting, review, update, development, and implementation of security policies, standards, and procedures to secure access, ensuring security and compliance with associated risks, contracts, regulations, and industry standards.
• Create, maintain & enhance processes related to the lifecycle of Identity Access Management and supporting documentation, across the enterprise, including identity governance and administration (IGA), Privileged Access Management (PAM) and Customer identity and Access Management (CIAM).  
• Drive enhancements to IAM security that are both practical and achievable using a balanced approach that considers business needs as well as information security risk.

Risk Management

• Conduct regular IAM risk assessments and vulnerability assessments, making recommendations for improvements and mitigation strategies, accounting for people, processes, and technology, and associated security controls.
• Work with management to assess, design, and implement IAM solutions and operating processes to address key and evolving risks.
• Assist in the third-party risk assessments process to ensure risk identification, transparency and business acceptance and contractual obligations.

Compliance Management

• Control monitoring and review of internal security risk assessments associated with the IAM program.
• Ensure compliance with relevant regulations and industry standards (specifically, ISO 27001).
• Develop, document, and assess measures, metrics, and internal controls.

Audit Management

• Assist in all current and future security related audit and certification processes.
• Support audit and assessment activities, such as internal and external audit, vendor assessments, benchmarking, etc.

Continual Improvement

• Stay current with industry trends and emerging technologies and identify opportunities to integrate them into the IAM and information security program.
• Identify new identity and access management requirements through industry resources, research, and consultation with technology subject matter experts.

 The experience you need:

• Bachelor’s degree in computer science or the equivalent work experience is required. Graduate degree preferred.

• Information security certifications, such as CISSP, CISM, ISO27001, CCSP or equivalent preferred.
• Minimum of 5 years of prior experience in Identity and Access Management in a medium or large size organization is required.
• 2 years of experience in managing deployments of at least one of the following IAM vendors suites: Microsoft Entra ID Governance, SailPoint, Saviynt, CyberArk, Okta, BeyondTrust or similar solutions.
• Management experience in financial services industry is beneficial.
• Experience with information security management frameworks is preferred.
• Knowledge of zero-trust security principles

Skills and Attributes:

• Strong interpersonal communication, analysis, and writing skills.

• Able to align management and leadership strategies when working on projects.
• Ability to work effectively with business unit and IT department managers, including Application Development, Infrastructure, Operations, Network, Technical Support, and others.
• Superior verbal and written communication skills.
• Must be a team player.
• Ability to successfully lead extended teams through new and complex concepts and processes.

Working Environment and Physical Demands Analysis:

• Office environment
• Periods of high volume with tight timelines
• Long periods of stationary position/sitting
• Prolonged periods of repetitive movement (i.e. using a keyboard and mouse)
• Long periods of time in viewing a computer screen
• Multi-tasking may include speaking to customers on a telephone call while looking up information on a computer program.

Why join First National?

• Competitive Compensation 
• Comprehensive benefits program (i.e., Health Spending Account, Maternity and Parental Leave Top Up)
• Hybrid working environment.
• Extensive training programs to set our employees up for success
• Modern office environment conducive to collaboration
• Supportive teamwork culture
• Opportunities to give back to the communities and work through events focused on a variety of charities
• Ongoing social events throughout the year

The team you’ll join:

Founded in 1988, First National is one of Canada’s largest non-bank lenders. We provide residential mortgages exclusively through the mortgage broker channel and we are Canada’s largest commercial mortgage lender.

First National has been consistently recognized as a great place to work and we are proud that our employee engagement feedback is higher than our industry partners.

We would like to thank all applications for their interest in this existing vacancy, but only candidates selected for an interview will be contacted.

#FNLOON