Specialist, Identity & Access Management

About The Position

Requirements

• Minimum 5–7 years of experience in Identity & Access Management, IT controls, audit, or compliance-focused roles.
• Demonstrated hands-on experience executing and supporting SOX or IT General Controls (ITGC), preferably in access management.
• Experience working directly with internal and/or external auditors, including evidence preparation and walkthroughs.
• Experience performing quality reviews or independent validation activities is a strong asset.
• Strong skills in evidence management, documentation quality, and audit traceability.
• Understanding of IAM processes, including user lifecycle management, access provisioning, deprovisioning, and recertification.
• Bachelor’s Degree in Computer Science, Information Systems or equivalent degree or work experience
• Certifications such as CISSP, CISA, CompTIA Security+, CIAM
• Communicates with impact
• Collaborates with others and shares information
• Applies critical thinking
• Demonstrates accountability and ownership of deliverables
• Demonstrates sound judgment in risk identification and escalation
• Deep understanding of SOX requirements, ITGC frameworks, and audit methodologies for access management controls.
• Ability to assess control design and operating effectiveness.
• Strong skills in evidence management, documentation quality, and audit traceability.
• Understanding of IAM processes, including user lifecycle management, access provisioning, deprovisioning, and recertification.
• Familiarity with IAM tools, enterprise systems, and access governance concepts.
• Fluently bilingual both written and verbal (English, French)

Nice To Haves

• Experience performing quality reviews or independent validation activities is a strong asset.
• Any designation for these above would be considered as an asset
• Any knowledge for any of the above would be considered as an asset

Responsibilities

• Execute Identity & Access Management SOX controls in accordance with documented procedures and regulatory requirements.
• Own assigned IAM controls, ensuring consistent, accurate, and timely execution throughout the audit cycle.
• Prepare, validate, and maintain audit evidence to support internal and external audits.
• Explain control design, operating effectiveness, and supporting evidence to auditors and stakeholders.
• Identify control weaknesses, execution gaps, or documentation issues and escalate risks appropriately.
• Perform independent cross-validation of IAM colleagues’ work to ensure completeness, accuracy, and compliance (second line of defense).
• Support continuous improvement by identifying recurring issues and recommending process or control enhancements.
• Serve as a subject matter expert during audit walkthroughs, testing, and issue remediation discussions.
• Collaborate with GRC, Internal Audit, External Audit, and IAM stakeholders to address audit requests and findings.
• Contribute to management action plans for control deficiencies and support remediation tracking.
• Participate in projects by providing feedback and subject‑matter expertise, and support testing for new application integrations and IAM tool upgrades as required.
• Maintain up-to-date process documentation, control narratives, and evidence standards for assigned IAM controls.
• Contribute to the refinement of IAM compliance procedures, templates, and validation checklists.
• Support knowledge sharing within the IAM team to strengthen audit readiness and control maturity.