The Cyber Security Engineer role focuses on implementing, configuring, and operating the organization’s identity governance and administration platform. It sits within the identity and access management function and supports the bank’s identity governance needs.
5+ years in Cyber Security Engineering
3 years of hands-on experience in IAG implementation and operations, preferably using SailPoint IdentityNow.
Proven expertise in configuring and managing IAG platforms; SailPoint IdentityNow is preferred.
Strong understanding of identity governance principles and best practices in a banking environment.
Familiarity with related cybersecurity technologies, including:
Identity Provider (IdP) systems
Active Directory and Microsoft Entra ID (formerly Azure AD)
API (REST) integrations
Excellent problem-solving skills and ability to work in a fast-paced, regulated environment
Grade 12 National Certificate / Vocational
A relevant tertiary qualification in Information Technology - Computer Science
Join the team performing the implementation, configuration, and operation of SailPoint IdentityNow for IAG (Identity and Access Governance).
Support the implementation, configuration and maintenance of identity governance processes, policies, and workflows tailored to the banking sector.
Collaborate with cross-functional teams to integrate IAG solutions with existing applications and systems.
Monitor and enhance security controls to mitigate risks and ensure compliance with applicable regulations.
Provide technical expertise and support for IAG-related incidents and improvements.
Active Directory Domain Services (AD DS)
Development & Operations (DevOps)
Microsoft Entra ID (formerly Azure Active Directory)
Networking (DNS, DHCP)
Security & Compliance
Identity & Access Management
Backup & Disaster Recovery
Hybrid Infrastructure & Operating Systems
Privileged Access Management (PAM)
Zero Trust principles: identity and access management (IAM), least-privilege access, and just-in-time / just-enough administration (JIT/JEA) to remove standing privilege.
Analytical Skills
Communications Skills
Consultation skills
Planning, organising and coordination skills
Problem solving skills
Clear criminal and credit record
Here’s a detailed breakdown of 100 points on how to approach and perform effectively in a role involving IAG (Identity and Access Governance) implementation and operations, with a focus on SailPoint IdentityNow and the surrounding technologies. I’ve structured them into categories for clarity:
Learn the fundamentals of identity governance in banking.
Understand access lifecycle management (provisioning, de-provisioning).
Understand segregation of duties (SoD) policies.
Familiarize with compliance frameworks like SOX, GDPR, and PCI-DSS.
Understand role-based access control (RBAC) principles.
Learn attribute-based access control (ABAC).
Study identity lifecycle workflows.
Learn identity reconciliation concepts.
Understand access request and approval processes.
Study certification campaigns and recertification procedures.
Understand identity analytics and reporting.
Learn about privileged access management.
Understand audit and attestation requirements.
Learn best practices for identity governance in banks.
Keep updated on industry trends and regulations affecting identity management.
Install and configure SailPoint IdentityNow connectors.
Set up account aggregation for all enterprise systems.
Configure lifecycle events and provisioning policies.
Implement access request workflows.
Configure role-based access (RBAC) within IdentityNow.
Design and deploy role mining and role management.
Set up identity certification campaigns.
Create custom reports and dashboards in IdentityNow.
Monitor system health and audit logs.
Set up automated notifications for approvals or policy violations.
Integrate SailPoint with Active Directory.
Integrate with Microsoft Entra ID (formerly Azure AD).
Manage identities from multiple sources.
Configure password management and self-service.
Implement SoD policies in SailPoint.
Set up Entitlements and Access Catalogs.
Map roles to business units and applications.
Maintain SailPoint IdentityNow upgrades and patches.
Troubleshoot connector errors and failed provisioning tasks.
Ensure data consistency between IdentityNow and target systems.
Configure SAML or OIDC connections for single sign-on (SSO).
Manage authentication policies and multi-factor authentication (MFA).
Integrate IdPs with IdentityNow for provisioning and de-provisioning.
Understand federation standards and protocols.
Monitor IdP logs and authentication failures.
Configure trust relationships between IdPs and service providers.
Troubleshoot IdP integration issues.
Document IdP configuration and access flows.
Connect IdentityNow to on-prem AD and Azure AD.
Configure user attribute mapping and synchronization.
Manage AD groups and roles for RBAC.
Monitor AD account provisioning/de-provisioning.
Configure password policies and resets via IdentityNow.
Troubleshoot AD connector failures.
Integrate Entra ID for cloud-based identity governance.
Implement Conditional Access policies in Entra ID.
Monitor Entra ID sign-in and audit logs and reporting.
Align AD/Entra ID accounts with SoD compliance rules.
Learn IdentityNow API endpoints for automation.
Configure REST connectors to external systems.
Automate provisioning and de-provisioning via APIs.
Manage API authentication and tokens securely.
Monitor API calls and error logs.
Maintain up-to-date API documentation.
Test API integrations in a sandbox environment.
Troubleshoot API communication failures.
Map external system attributes to IdentityNow schema.
Automate reporting and notifications using API calls.
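The items above on API automation and on handling tokens securely come together in the following Python helper. It is an added example written for this page, not SailPoint's code: it obtains a client-credentials token, caches it, refreshes it shortly before expiry, never puts the secret in a log line, and retries once when the tenant rejects a token that has been rotated or revoked. The tenant name, client ID and secret are placeholders; the /oauth/token and /v3/search paths follow SailPoint's public v3 API reference and /v3/accounts/{id}/disable is assumed from the same reference, so verify all three against the current documentation before use. The StubTenant class is a constructed stand-in for the real API so that the example runs offline.

```python
import json
import time
import urllib.parse
import urllib.request

EXPIRY_SKEW_SECONDS = 60  # refresh this long before the token really expires


def urllib_transport(method, url, headers, body):
    """Real HTTP transport returning (status, parsed JSON); StubTenant replaces it below."""
    data = body.encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, json.loads(resp.read() or b"{}")


class IdentityNowClient:
    def __init__(self, tenant, client_id, client_secret,
                 transport=urllib_transport, clock=time.time):
        self._base = f"https://{tenant}.api.identitynow.com"  # placeholder tenant
        self._client_id = client_id
        self._client_secret = client_secret  # kept private, never logged
        self._transport = transport
        self._clock = clock
        self._token = None  # (access_token, expires_at_epoch)

    def __repr__(self):
        # Safe to log: the secret is redacted.
        return f"IdentityNowClient({self._base!r}, client_id={self._client_id!r}, secret='***')"

    def _fetch_token(self):
        params = urllib.parse.urlencode({"grant_type": "client_credentials",
                                         "client_id": self._client_id,
                                         "client_secret": self._client_secret})
        status, body = self._transport("POST", f"{self._base}/oauth/token?{params}",
                                       {"Accept": "application/json"}, None)
        if status != 200 or "access_token" not in body:
            raise RuntimeError(f"token request failed: HTTP {status}")
        self._token = (body["access_token"], self._clock() + int(body.get("expires_in", 0)))

    def _bearer(self):
        if self._token is None or self._clock() >= self._token[1] - EXPIRY_SKEW_SECONDS:
            self._fetch_token()
        return self._token[0]

    def request(self, method, path, payload=None):
        body = json.dumps(payload) if payload is not None else None
        for attempt in range(2):
            headers = {"Authorization": f"Bearer {self._bearer()}",
                       "Accept": "application/json", "Content-Type": "application/json"}
            status, data = self._transport(method, self._base + path, headers, body)
            if status == 401 and attempt == 0:
                self._token = None  # revoked or rotated token: fetch a fresh one, retry once
                continue
            if status >= 400:
                raise RuntimeError(f"{method} {path} failed: HTTP {status}")
            return data
        raise AssertionError("unreachable")

    def search_identities(self, query, limit=50):
        return self.request("POST", "/v3/search",
                            {"indices": ["identities"], "query": {"query": query}, "limit": limit})

    def disable_account(self, account_id):
        # Path assumed from the v3 Accounts API reference; verify before relying on it.
        return self.request("POST", f"/v3/accounts/{account_id}/disable",
                            {"forceProvisioning": False})


class StubTenant:
    """Constructed in-memory stand-in for a tenant so the example runs offline."""
    def __init__(self):
        self.issued = 0
        self.valid_tokens = set()

    def __call__(self, method, url, headers, body):
        path = url.split(".identitynow.com", 1)[1]
        if path.startswith("/oauth/token?"):
            self.issued += 1
            token = f"tok-{self.issued}"
            self.valid_tokens = {token}  # issuing a new token revokes the old one
            return 200, {"access_token": token, "token_type": "bearer", "expires_in": 3600}
        if headers.get("Authorization", "")[len("Bearer "):] not in self.valid_tokens:
            return 401, {"detailCode": "401 Unauthorized"}
        if path == "/v3/search":
            wanted = json.loads(body)["query"]["query"]
            return 200, ([{"name": "jdoe", "email": "jdoe@example.com"}] if "jdoe" in wanted else [])
        if path.endswith("/disable"):
            return 202, {"id": "req-1", "type": "ACCOUNT_ACTIVITY"}
        return 404, {}


def demo():
    tenant = StubTenant()
    now = [1_000_000.0]
    client = IdentityNowClient("acme", "app-id", "app-secret",
                               transport=tenant, clock=lambda: now[0])
    hits = client.search_identities("name:jdoe")  # first call obtains a token
    client.search_identities("name:nobody")       # cached token reused
    now[0] += 3600 - 30                           # inside the skew window: token refreshed
    client.search_identities("name:nobody")
    tenant.valid_tokens.clear()                   # simulate revocation: 401, then one retry
    result = client.disable_account("2c9180857182306d0171839b0a5b0001")  # placeholder id
    return hits, tenant.issued, result, repr(client)
```

The points to carry into real automation are the ones the stub exercises: the client obtains exactly one token per expiry window rather than one per call, a 401 triggers a single re-authentication rather than an infinite loop, and nothing the client prints or logs ever contains the secret.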
Document all configuration and system changes.
Create runbooks for common operational tasks.
Implement change management procedures.
Conduct regular system audits.
Monitor system performance and logs daily.
Maintain service-level agreements (SLAs).
Implement backup and recovery procedures.
Participate in monthly/quarterly governance reviews.
Ensure compliance with internal and external audit requirements.
Manage access review campaigns efficiently.
Maintain operational dashboards for management.
Schedule regular housekeeping of inactive accounts.
Conduct regular role cleanup and optimization.
Create reports on user access trends and anomalies.
Maintain knowledge base for recurring issues.
Implement identity policies consistent with cybersecurity standards.
Collaborate with security teams to resolve access incidents.
Monitor for abnormal account activity.
Implement least-privilege access policies.
Align identity governance with risk management frameworks.
Participate in vulnerability assessments affecting IAG.
Apply patches and security updates promptly.
Enforce MFA where required.
Conduct regular SoD risk analysis.
Review third-party system access regularly.
Track privileged account activity.
Ensure secure handling of sensitive identity data.
Quickly identify root causes of provisioning issues.
Prioritize tasks based on business impact.
Apply analytical thinking to complex workflows.
Develop automated solutions for repetitive tasks.
Troubleshoot cross-system integration issues.
Adapt to sudden regulatory changes.
Communicate clearly with technical and non-technical teams.
Maintain calm during high-pressure incidents.
Participate in incident response planning.
Continuously improve processes based on lessons learned.
Here’s a comprehensive list of 100 line items covering SOX (Sarbanes-Oxley Act), GDPR (General Data Protection Regulation), and PCI-DSS (Payment Card Industry Data Security Standard). I’ve broken them into categories for clarity: SOX (35), GDPR (35), PCI-DSS (30).
Understand the purpose of SOX: protect investors through accurate financial reporting.
Learn which entities SOX applies to (companies listed on US exchanges, including foreign private issuers, and their external auditors).
Study SOX Section 302: Corporate Responsibility for Financial Reports.
Study SOX Section 404: Management Assessment of Internal Controls.
Understand Section 906: criminal penalties for CEO/CFO certification of misleading financial statements.
Learn internal control requirements for financial reporting.
Document processes for revenue recognition.
Document processes for expense reporting.
Implement controls for IT systems affecting financial data.
Conduct regular internal audits.
Maintain audit trails for all financial transactions.
Implement access controls for financial systems.
Segregate duties to prevent fraud.
Monitor for fraudulent financial activities.
Ensure timely and accurate financial disclosures.
Maintain policies for financial reporting compliance.
Retain financial documents according to SOX retention rules.
Conduct periodic risk assessments for financial reporting.
Implement automated controls for transaction approval.
Track remediation of control deficiencies.
Review user access to accounting systems regularly.
Train employees on SOX compliance requirements.
Align IT policies with SOX compliance needs.
Conduct external audits and provide documentation.
Use logging and monitoring for sensitive financial data.
Ensure backup and recovery of financial information.
Test internal controls periodically for effectiveness.
Implement change management for financial systems.
Maintain evidence of control testing and remediation.
Ensure financial statements reflect true and fair view.
Implement secure electronic signatures where needed.
Report SOX violations promptly.
Establish whistleblower policies for financial fraud.
Track and document auditor communications.
Continually update controls to meet evolving compliance standards.
Understand that GDPR applies to the personal data of individuals in the EU/EEA regardless of citizenship, and to organisations outside the EU that offer goods or services to, or monitor the behaviour of, those individuals.
Know the lawful bases for processing personal data.
Obtain explicit consent from data subjects when required.
Implement data minimization principles.
Limit data storage to necessary retention periods.
Ensure accuracy of personal data.
Enable data subjects’ rights: access, correction, deletion.
Implement data portability mechanisms.
Allow individuals to object to data processing.
Appoint a Data Protection Officer (DPO) if required.
Conduct Data Protection Impact Assessments (DPIA).
Implement privacy by design in systems and processes.
Implement privacy by default in applications.
Protect personal data using encryption and pseudonymization.
Monitor third-party processors for GDPR compliance.
Ensure proper cross-border data transfer safeguards.
Notify the supervisory authority of personal data breaches within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals.
Maintain records of processing activities (RoPA).
Implement access controls for personal data.
Conduct regular GDPR compliance audits.
Train staff on GDPR principles and policies.
Implement automated tools for data subject requests.
Document all consent mechanisms.
Ensure marketing communications comply with GDPR.
Monitor and log access to personal data.
Assess data processing contracts with vendors.
Evaluate risk of sensitive data processing.
Limit data exposure in testing or development environments.
Conduct regular penetration tests on systems holding personal data.
Ensure data anonymization where possible.
Review and update privacy notices regularly.
Implement incident response plans for data breaches.
Ensure accountability through internal reporting.
Map data flows to identify GDPR compliance gaps.
Audit cookies and tracking technologies for compliance.
Understand PCI-DSS applies to all entities handling cardholder data.
Install and maintain a firewall to protect cardholder data.
Do not use vendor-supplied default passwords.
Protect stored cardholder data through encryption.
Encrypt transmission of cardholder data across public networks.
Use strong access control measures for systems with cardholder data.
Restrict access to cardholder data to business need-to-know.
Assign a unique ID to each person with computer access.
Restrict physical access to cardholder data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain an information security policy.
Conduct annual risk assessments for cardholder data.
Implement strong authentication measures for users.
Monitor and log all access to sensitive systems.
Protect against malware with anti-virus software.
Develop secure applications per PCI standards.
Conduct vulnerability scans and penetration tests regularly.
Ensure proper key management for encryption.
Maintain secure configurations for all systems.
Educate employees on security awareness.
Limit retention of cardholder data.
Mask PAN when displayed.
Regularly review and update security policies.
Monitor and respond to security alerts promptly.
Ensure secure transmission of card data between systems.
Require multi-factor authentication for remote access.
Segment networks to isolate cardholder data.
Document all PCI-DSS compliance processes.
Maintain an incident response plan for card data breaches.
Here’s a comprehensive 100 “how-to” guide for someone preparing for the SailPoint Professional Exam, covering IdentityNow, IdentityIQ, general IAG concepts, administration, implementation, integration, and governance best practices. I’ve organized them into categories so it’s easier to study and apply.
Understand the concept of Identity Governance and Administration (IGA).
Know the key objectives of SailPoint: compliance, security, and efficiency.
Learn identity lifecycle management concepts: onboarding, changes, offboarding.
Study the differences between IdentityNow and IdentityIQ.
Understand role-based access control (RBAC).
Learn attribute-based access control (ABAC).
Understand segregation of duties (SoD) and compliance risks.
Learn certification campaigns and recertification processes.
Know identity analytics and reporting features.
Understand privileged access management (PAM).
Study access request workflows and approval processes.
Learn entitlement management concepts.
Understand audit trails and logging for compliance.
Understand the principles of least privilege.
Know how identity governance supports regulatory compliance like SOX or GDPR.
Create and manage user accounts.
Configure connectors to target systems (AD, Azure AD, HR systems, etc.).
Manage identities from multiple sources.
Set up account aggregation.
Configure identity lifecycle events.
Define role hierarchy and assignments.
Manage access request workflows.
Create and maintain access catalogs.
Set up automated notifications for approvals.
Monitor system health and logs.
Configure password management policies.
Set up self-service capabilities.
Implement approval rules for access requests.
Manage application and connector configurations.
Troubleshoot provisioning errors.
Maintain identity data consistency.
Implement SoD policies and risk rules.
Execute certification campaigns.
Configure dashboards and reports.
Manage audit and compliance reporting.
Install and configure IdentityIQ.
Manage workflows using IdentityIQ’s task engine.
Define roles, rules, and policies.
Configure entitlements and lifecycle events.
Set up advanced approval workflows.
Implement certification campaigns.
Configure SoD and risk rules.
Manage connectors to target systems.
Monitor and troubleshoot system logs.
Set up provisioning and de-provisioning tasks.
Manage user access review processes.
Customize dashboards and reports.
Apply security patches and upgrades.
Implement segregation of duties.
Test IdentityIQ processes in a sandbox before production deployment.
Configure Active Directory (AD) connector.
Configure Azure AD / Entra ID connector.
Set up HR system integrations (Workday, SAP).
Integrate cloud applications via REST APIs.
Test connector connectivity.
Map target system attributes to IdentityNow/IdentityIQ schema.
Maintain connector accounts and credentials securely.
Handle failed connector tasks.
Monitor provisioning logs for errors.
Schedule aggregation and provisioning jobs.
Set up SAML/OIDC integrations for single sign-on (SSO).
Configure multi-factor authentication with IdP.
Map roles and entitlements to business units.
Integrate SailPoint with third-party security tools.
Ensure data consistency between SailPoint and connected systems.
Define roles and hierarchies.
Assign roles to users automatically via policies.
Manage role lifecycle events.
Implement role mining to optimize access.
Map entitlements to roles.
Conduct SoD analysis for roles.
Configure role request approvals.
Regularly review and update role definitions.
Maintain documentation of role assignments.
Ensure roles follow the principle of least privilege.
Set up identity certification campaigns.
Define reviewers and approvers.
Schedule periodic recertifications.
Monitor certification progress and completion.
Generate compliance reports.
Track remediation actions.
Document evidence for audits.
Test certification campaigns in a staging environment.
Ensure SoD violations are highlighted and remediated.
Automate certification notifications to reviewers.
Apply least privilege principles to all users.
Monitor privileged accounts.
Secure API credentials and tokens.
Encrypt sensitive data in IdentityNow/IdentityIQ.
Maintain audit logs for all changes.
Conduct regular penetration tests on identity systems.
Ensure compliance with SOX, GDPR, and PCI-DSS.
Implement multi-factor authentication for admin access.
Perform periodic risk assessments.
Train staff on identity governance policies.
Investigate failed provisioning or de-provisioning tasks.
Monitor logs for system errors.
Optimize workflows to reduce manual interventions.
Tune system performance for aggregation and reporting jobs.
Document recurring issues and maintain a knowledge base.
Let’s break this down in a practical, “how-to” way. Out of the 100 lines above, we can focus on the 10 most critical items for a SailPoint IdentityNow professional working with SSO, MFA, and IdP integrations. I’ll explain why they are important and provide practical “how-to” steps for each.
Why it’s important: SAML is the backbone of enterprise SSO, letting users log in once and access multiple systems securely.
How-to:
Log into the IdentityNow admin console.
Navigate to Applications > Add SAML Application.
Enter SP Entity ID (IdentityNow identifier).
Upload IdP metadata XML from your identity provider.
Set the ACS URL (where SAML assertions are sent).
Map SAML attributes to IdentityNow user attributes (e.g., email → username).
Upload the IdP signing certificate so IdentityNow can validate assertion signatures; unsigned or wrongly signed assertions must be rejected, and the certificate’s expiry date should be tracked so it is rotated before it lapses.
Test login with a test user.
Enable in production and monitor logs.
Tip: Always validate attribute mapping — mismatched fields break provisioning.
Why it’s important: OIDC is widely used for modern cloud apps and APIs, allowing IdentityNow to integrate seamlessly with SaaS.
How-to:
Navigate to Applications > Add OIDC Application.
Enter Client ID and Client Secret provided by the IdP.
Add redirect URIs for IdentityNow.
Choose scopes: openid, profile, email.
Map OIDC claims (like sub, email) to IdentityNow user fields.
Test login with a sample user.
Enable for production.
Tip: Store client secrets in a secrets manager rather than in configuration files or tickets, and rotate them periodically.
Why it’s important: Correct mapping ensures users are provisioned with the right access, roles, and permissions.
How-to:
Identify key IdP attributes (email, firstName, lastName, group membership).
Go to IdentityNow Admin > Connector Configuration.
Map each IdP attribute to a corresponding IdentityNow field.
Test provisioning with a sandbox user.
Validate access and roles are correctly applied.
Tip: Use attribute mapping tables to track changes.
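The OIDC steps above (validate the token, then map claims such as sub and email to user fields) and the attribute-mapping steps just given are one pipeline, and the following Python example walks through it. It is an added example written for this page, not SailPoint code: the ID token is checked for algorithm, signature, issuer, audience, expiry and nonce before any claim is read, and the mapping table then refuses to provision when a required attribute is missing, which is the failure the tip warns about. The issuer, client ID, claim names and mapping table are placeholders. To run offline the test token is signed with HS256 and a constructed shared secret; a real IdP signs ID tokens with RS256 and you would verify against its JWKS instead.

```python
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://idp.example.com"   # placeholder IdP issuer
CLIENT_ID = "identitynow-client"     # placeholder client ID registered at the IdP


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_test_id_token(claims, secret):
    """Constructs an HS256 token so the example runs offline; a real IdP uses RS256."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(mac)}"


class TokenError(ValueError):
    pass


def validate_id_token(token, secret, issuer=ISSUER, client_id=CLIENT_ID,
                      expected_nonce=None, now=None):
    """Checks alg, signature, iss, aud, exp and nonce before any claim is trusted."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm: never accept 'none' or a swap
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise TokenError("signature check failed")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != issuer:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token was not issued for this client")
    if now >= claims.get("exp", 0):
        raise TokenError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise TokenError("nonce mismatch (possible replay)")
    return claims


def is_rejected(token, secret, **kwargs):
    """True when validate_id_token refuses the token; used to exercise the negative paths."""
    try:
        validate_id_token(token, secret, **kwargs)
    except TokenError:
        return True
    return False


# IdP claim -> IdentityNow identity attribute (placeholder names). Keep under change control.
CLAIM_MAP = {"sub": "uid", "email": "email", "given_name": "firstname",
             "family_name": "lastname", "groups": "groups"}
REQUIRED_ATTRIBUTES = ("uid", "email", "firstname", "lastname")


def map_claims(claims, claim_map=CLAIM_MAP, required=REQUIRED_ATTRIBUTES):
    """Applies the mapping table and refuses to provision when a required field is absent."""
    attrs = {target: claims[source] for source, target in claim_map.items() if source in claims}
    if "email" in attrs:
        attrs["email"] = attrs["email"].strip().lower()  # normalise before correlation
    missing = [name for name in required if name not in attrs]
    if missing:
        raise ValueError(f"cannot provision: missing required attributes {missing}")
    return attrs


def demo():
    secret = b"constructed-test-secret"
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "u-123", "nonce": "n1",
              "iat": 1_700_000_000, "exp": 1_700_003_600, "email": " J.Doe@Example.com ",
              "given_name": "Jane", "family_name": "Doe", "groups": ["finance-users"]}
    token = mint_test_id_token(claims, secret)
    return map_claims(validate_id_token(token, secret, expected_nonce="n1", now=1_700_000_100))
```

Two design points matter in practice: the audience check is what stops a token minted for another application at the same IdP from logging a user into IdentityNow, and normalising the email before correlation avoids the duplicate identities that appear when one source sends mixed case and another does not.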
Why it’s important: MFA is critical for secure access, especially for admins and privileged accounts.
How-to:
Navigate to IdentityNow Admin > Authentication Policies.
Enable MFA for specific groups or all users.
Choose method: prefer an authenticator app or hardware token; SMS and email one-time codes are weaker (they can be intercepted or redirected) and should be kept for fallback only.
Configure policies for session timeout and re-authentication.
Test login and MFA challenge.
Communicate to end-users.
Tip: Start with admins first, then roll out to end-users.
Why it’s important: Automates onboarding/offboarding, reducing manual errors and security risk.
How-to:
Configure connector to the IdP.
Map attributes for account creation and role assignment.
Enable auto-provisioning for new users.
Enable auto-deprovisioning for terminated users.
Test with sandbox users for provisioning/de-provisioning.
Monitor logs for errors.
Tip: Always test before production; incorrect mappings can give excessive access.
Why it’s important: Helps troubleshoot login issues and design correct SSO flows.
How-to:
SP-initiated: User clicks IdentityNow login → IdentityNow sends an AuthnRequest to the IdP → IdP authenticates → IdP returns a SAML assertion that references the original request (InResponseTo).
IdP-initiated: User logs into IdP portal → selects IdentityNow app → IdP sends an unsolicited assertion to IdentityNow with no preceding request to bind it to.
Test both flows during setup.
Tip: SP-initiated is more common and is the safer default, because the SP can tie each assertion to a request it issued; IdP-initiated is often used for portals, but leave it disabled unless a portal actually needs it.
Why it’s important: Ensures users only get access they need (least privilege).
How-to:
Define roles in IdentityNow (Admin, Finance, HR, etc.).
Map IdP attributes or group membership to roles.
Assign entitlements based on roles.
Test by logging in as a role-assigned user.
Tip: Periodically review role assignments to avoid privilege creep.
Why it’s important: Ensures users are logged out from all apps in SSO session, improving security.
How-to:
Go to SAML Application Settings > SLO URL.
Enter the endpoint provided by IdP.
Test logout to ensure session ends across apps.
Tip: Test on multiple browsers to ensure session invalidation.
Why it’s important: Detects failed logins, provisioning errors, and security incidents.
How-to:
Navigate to Reports > System Logs.
Monitor SAML/OIDC login attempts.
Check provisioning logs for failures.
Set alerts for repeated login failures or de-provisioning errors.
Document and resolve issues promptly.
Tip: Proactive monitoring prevents compliance violations.
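The alerting step above (repeated login failures, de-provisioning errors) is easiest to reason about as a small rule set run over the exported events. The following Python example is an added example written for this page, not a SailPoint feature or report: it implements a per-user sliding window for failed logins, treats a success that follows a burst of failures as the high-severity signal, and raises any failed DISABLE or DELETE provisioning action to high severity, since a leaver whose account was not actually disabled is an open door. The event lines are constructed in a simplified JSON schema; they do not use IdentityNow's real audit event format, so adapt parse_events to whatever export or SIEM feed you have.

```python
import json
from collections import defaultdict, deque

FAIL_THRESHOLD = 5    # this many failed logins for one user ...
WINDOW_SECONDS = 300  # ... within this many seconds raises an alert

# Constructed events in a simplified schema (not IdentityNow's audit event format).
SAMPLE_LOG = """\
{"ts": 1700000000, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000030, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000060, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000090, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000100, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "bob", "ip": "198.51.100.2"}
{"ts": 1700000120, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000130, "kind": "AUTH", "action": "LOGIN_SUCCESS", "user": "bob", "ip": "198.51.100.2"}
{"ts": 1700000150, "kind": "AUTH", "action": "LOGIN_FAILED", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000180, "kind": "AUTH", "action": "LOGIN_SUCCESS", "user": "alice", "ip": "203.0.113.7"}
{"ts": 1700000200, "kind": "PROVISIONING", "action": "DISABLE_ACCOUNT", "status": "FAILED", "user": "cthomas", "source": "Active Directory", "error": "LDAP: insufficient access rights"}
{"ts": 1700000210, "kind": "PROVISIONING", "action": "DISABLE_ACCOUNT", "status": "COMPLETED", "user": "dlee", "source": "Active Directory"}
{"ts": 1700000220, "kind": "PROVISIONING", "action": "CREATE_ACCOUNT", "status": "FAILED", "user": "efox", "source": "Workday", "error": "attribute 'manager' missing"}
"""


def parse_events(lines):
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in lines if line.strip()]


def detect(events):
    """Runs the rules over time-ordered events and returns the alerts they raise."""
    alerts = []
    recent_failures = defaultdict(deque)  # user -> failure timestamps inside the window
    flagged = set()                       # users currently over the threshold
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "AUTH":
            window = recent_failures[ev["user"]]
            if ev["action"] == "LOGIN_FAILED":
                window.append(ev["ts"])
                while window and ev["ts"] - window[0] > WINDOW_SECONDS:
                    window.popleft()      # drop failures that fell out of the window
                if len(window) >= FAIL_THRESHOLD and ev["user"] not in flagged:
                    flagged.add(ev["user"])
                    alerts.append({"ts": ev["ts"], "severity": "medium",
                                   "rule": "repeated_login_failures", "user": ev["user"],
                                   "ip": ev["ip"], "count": len(window)})
            elif ev["action"] == "LOGIN_SUCCESS":
                if ev["user"] in flagged:  # success right after a burst is the real signal
                    alerts.append({"ts": ev["ts"], "severity": "high",
                                   "rule": "success_after_failures", "user": ev["user"],
                                   "ip": ev["ip"]})
                    flagged.discard(ev["user"])
                window.clear()
        elif ev["kind"] == "PROVISIONING" and ev.get("status") == "FAILED":
            leaver = ev["action"] in ("DISABLE_ACCOUNT", "DELETE_ACCOUNT")
            alerts.append({"ts": ev["ts"], "severity": "high" if leaver else "medium",
                           "rule": "deprovisioning_failed" if leaver else "provisioning_failed",
                           "user": ev["user"], "source": ev["source"],
                           "error": ev.get("error", "")})
    return alerts


def demo():
    return detect(parse_events(SAMPLE_LOG.splitlines()))
```

Run against the sample, the rules produce four alerts in timestamp order: alice crosses the threshold on her fifth failure, her subsequent success is escalated, the failed disable for cthomas is high severity, and the failed create for efox is medium. bob's single failure followed by a success raises nothing, which is the behaviour you want from a threshold rule.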
Why it’s important: Validates that all configurations work before going live.
How-to:
Use a sandbox/test user from IdP.
Attempt login via SP-initiated and IdP-initiated flows.
Verify MFA triggers correctly.
Confirm provisioning creates correct IdentityNow user account.
Assign roles and check entitlements.
Test de-provisioning by disabling IdP account.
Check logs for errors or warnings.
Tip: Document all tests for audit and compliance.
Summary of Key Concepts:
SSO (SAML/OIDC): Core for user convenience and secure access.
MFA: Critical for security of admin and user accounts.
IdP Integration: Ensures automated onboarding/offboarding.
Attribute Mapping & RBAC: Ensures correct access levels.
Testing & Monitoring: Prevents errors, supports compliance, and ensures smooth operations.