24 Oct
Mackenzie Investments
Greater Toronto Area
IGM Financial Inc. is one of Canada''s leading diversified wealth and asset management companies with approximately $271 billion in total assets under managements.
The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals.
Its activities are carried out principally through IG Wealth Management and Mackenzie Investments
Under IGM Financial's unique business model based on leading brands and multi-channel distribution strategy is Mackenzie Investments, founded in 1967.
Mackenzie Investments is a holistic asset-management partner for thousands of Canadian financial advisors and the investors they support.
At Mackenzie Investments You Can Build Your Career with Confidence.
We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them.
As part of our team, you will do some of your best work, develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians.
We are proud to be recognized as one of Canada's Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and centre.
Join an unstoppable team that is embedded in continuous learning, understanding, and knowledge sharing.
You will thrive in our supportive environment where you can indulge your curiosity to learn, while receiving the feedback you need to refine your skills and abilities.
We are dedicated to offering a hybrid work environment when applicable.
Mackenzie Investments is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.
Role & Responsibility
The Senior Security Platform Specialist (IAM Architecture) is a member of the Identity and Access Management (IAM) team responsible for designing, operating and maintaining Identity Management,
Secrets Management and Privileged Access Management (PAM) platforms for the enterprise.
The Senior Security Platform Specialist (IAM Architecture) will work with project teams to architect secure IAM and PAM solutions destined for multi-cloud and on-prem environments.
Working with business, security, and other technical team members, the Senior Security Platform Specialist (IAM Architecture) will be responsible in technical security architectural requirements, design, and delivery of the Sail
Point Identity
Now, Active Directory, Secrets Management and Privileged Access Management platforms.
This role will lead the development of toolsets that brings centralization, security, and timely access to resources and will work closely with IAM Engineering, Operations and Dev
Ops team members.
The role is also expected to do hands on development/configuration work.
This is a deep technical, delivery and leadership-oriented role, and provides a unique opportunity to work closely with numerous business and functional areas across IGM.
Key Capabilities & Responsibilities
Define strategic security architectures across hybrid technology stacks and cloud hosted IAM, PAM and Secrets Management platforms.
Act as an SME in IAM and PAM platforms on evaluating, designing, and testing solutions and technologies, aligned with the enterprise security platforms, including Sail
Point Identity
Now, Cyber
Ark PAM, Hashi
Corp Vault for Secrets Management,
Microsoft Active Directory and Azure Active Directory Define solutions realizing workforce and customer IAM capabilities, develop and evolve solution architectures and designs, demonstrate solutions meet stakeholders' requirements, and obtain approval on the architectures and designs at the architecture review board
Deliver architectures and designs in both agile and iterative waterfall project delivery models, and propose and implement enhancements to improve the viability of the solutions to meet program timelines, budget, and quality measurements.
Author patterns to drive reuse of IAM, PAM and Secrets Management solutions across IGMBe an authoritative and trusted partner with deep, practical experience in workforce and customer IAM, Secrets Management,
PAM and solution architecture best practices to various business and functional areas across IGM, as well as to various risk management and governance functions
Liaise with cloud, integration, data, digital, security and infrastructure architecture, development, and engineering teams to ensure that all solution architecture views are defined and elaborated
Develop documentation, architectural, design and workflow diagrams, and test scripts
Identify and communicate high-level gaps and issues in primary functional areas
Review solutions to ensure new and existing applications are implemented to the standards utilizing the RBAC and Zero Trust Security Frameworks
Proactively identify security technology reuse goals and opportunities
Direct the research and evaluation of emerging IAM and PAM technologies, industry, and market trends; and ensure recommendations are based on business relevance, current standards and best practices, appropriate timing, and deployment
Identify potential risks of projects, document and address those risks and work with other teams to resolve issues
Implementation Experience
Must have hands-on experience designing and deploying large-scale enterprise Identity Governance & Administration solutions, including Identity Management (Provisioning, Enrolment, De-provisioning), Access Management, Authentication, Authorization, Role Based Access Control (RBAC), Identity Governance (Attestation, Re-certification, Reconciliation), Identity Federation, Single Sign-On (Desktop SSO, Web SSO, eSSO),
Privileged Access/User Management (PAM/PUM), Security and IAM management for cloud based solutions, including IaaS, PaaS, SaaS and IDaaS, Social Login, Identity Analytics, Identity Trust Frameworks
Must have hands-on experience to install, configure, test, maintain and troubleshoot Identity, Access, Governance and Audit Management platforms, e.g.
Sail
Point IIQ Identity
Now, Azure Active Directory, Windows Active Directory, Cyber
ArkStrong architecture experience with Privileged Access Management Solutions (Cyber
Ark, etc.)Strong knowledge of Directory Services – Active Directory and Azure Active Directory
Subject matter expert in the following IAM Technologies: LDAP, SAML, OAuth, OpenID Connect (OIDC), XAML, NAPPS, WS-Fed, FIDO, UMA, SCIM, IWA, etc.
Hands-on experience in designing and implementing integrations with Service
Now and end-to-end workflow automation for full circle fulfillment Governance, planning, and delivery of enterprise-level IAM program based on zero-trust (Identity, access, privileged access, SSO federation, cloud, MFA)Experience in implementing security hardening in cloud-based systems, endpoint, and cloud infrastructure
Design of SIEM use cases and playbooks and detection and response plans as it relates to IAMMaintain security, backup, and redundancy strategies for IAM platforms
Document standard operating procedures and protocols
Lead in the creation and updates of technical project documentation (i.e. technical and configuration runbook, implementation plan, etc.)In Scope Key Candidate Skills
Sail
Point Identity
NowCyber
Ark Privileged Access Management
Hashi
Corp Vault
Windows Active Directory
Azure Active Directory
Authentication & Authorization Protocols (SAML, OAuth, OIDC)Azure AD Privileged Identity Management (PIM)Zero-Trust and NIST Identity Frameworks Multi-Factor Authentication
Least Privilege RBAC and Segregation of Duties
Microsoft M365Cloud Platform IAM (Azure, GCP, AWS)Infrastructure as Code
Power
Shell
QualificationsA University degree plus at least 5 years'' experience with IAM and PAM architectures and security
Extensive knowledge and experience of IAM and PAM-related security capabilities (i.e. provisioning, birthright roles, entitlements, segregation of duties, authentication, authorization, human and non-human credential and role management, access certification, logging, analytics and reporting, privileged access management, etc.) and their realization across workforce and customer populations5+ years of hands-on working experience in the participation of design and engineering of enterprise scale Sail
Point Identity
Now and Cyber
Ark PAM solutions
Diverse solutioning experience in a variety of environments, platforms, and channels, including multi-cloud, SaaS, on-prem, off-prem, mainframe, web, mobile, call centre, public clients, etc.
Hands-on experience in using a variety of protocols and standards in solutions, including SAML, OAuth, OIDC, XACML, SCIM, FIDO2, Human Workflow with Service
Now, NIST 800-63, NIST 800-207 Zero Trust Framework, etc.5+ years' experience with Microsoft Windows AD, Azure AD, and LDAP5+ years' experience with Sail
Point and Java, Java
Script, Beanshell, JSON, XML, RPC, SQL, Python and REST development
One or more IAM and PAM certifications (Sail
Point Certified IdentityIQ Architect and/or Sail
Point Certified Identity
Now Engineer, Cyber
Ark Sentry and/or Guardian)One or more industry recognized architecture professional designations (e.g. TOGAF, SABSA, etc.) is an asset
One or more industry recognized information security professional designations (e.g. CISSP, CISA, etc.) is an asset
Experience in Digital Applications, Salesforce Financial Services Cloud, Azure, GCP cloud services platforms is an asset
Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
Highly self-motivated, self-directed, and attentive to detail
Excellent documentation and diagraming skills with diligent attention to detail, providing clarity of architecture and design for Engineering and Operations teams
Superior leadership, collaboration, and interpersonal skills with a demonstrated ability to work effectively and build consensus in a multi-functional team environment
Strategic thinker with strong organizational, project management and time management capabilities
Deadline-driven and results-oriented; able to meet consistently high-quality standards while handling a variety of tasks and deadlines simultaneously
Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
Strong desire to implement change and contribute to the organization
Knowledge of Financial Services industry Please visit our career page by clicking on the following link: https://www.mackenzieinvestments.com/en/careers
We thank all applicants for their interest in Mackenzie Investments; however only those candidates selected for an interview will be contacted.
Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience.
If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.
Please apply by October 31, 2024.#LI-JS2#LI-Hybrid
▶️ Senior Security Platform Specialist (IAM)
🖊️ Mackenzie Investments
📍 Greater Toronto Area