Senior Security Platform Specialist - PAM

Location: Toronto

Job Description:

Grade: P8
Referral Level: Level 1

Division: IGM Technology

IGM Financial Inc. is one of Canada's leading diversified wealth and asset management companies with approximately $252 billion in total assets under management. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals.

Its activities are carried out principally through IG Wealth Management and Mackenzie Investments.

Under IGM Financial’s unique business model based on leading brands and multi-channel distribution strategy is Mackenzie Investments, founded in 1967. Mackenzie Investments is a holistic asset-management partner for thousands of Canadian financial advisors and the investors they support.

At Mackenzie Investments You Can Build Your Career with Confidence.

We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them. As part of our team, you will do some of your best work, develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians.

We are proud to be recognized as one of Canada’s Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and centre.

Join an unstoppable team that is embedded in continuous learning, understanding, and knowledge sharing. You will thrive in our supportive environment where you can indulge your curiosity to learn, while receiving the feedback you need to refine your skills and abilities.

We are dedicated to offering a hybrid work environment when applicable.

Mackenzie Investments is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.

Role & Responsibility:

The Senior IAM Security Platform Specialist is a member of the Identity and Access Management (IAM) team responsible for the integration and automation of security best practices within the development lifecycle. The specialist will focus on the practical implementation of IAM, Privileged Access Management (PAM), and Secrets Management solutions, working in multi-cloud and on-prem environments.

Working with business, security, and other technical team members, the Senior IAM Security Platform Specialist will assist with technical security architectural requirements, design, and delivery of Secrets Management and Privileged Access Management platforms.

This role will lead the development of toolsets that bring centralization, security, and timely access to resources and will work closely with IAM Engineering, Operations and DevOps team members to ensure security is embedded in every aspect of the software delivery pipeline.

This is a technical role focusing on delivering IAM capabilities. It provides a unique opportunity to work closely with numerous business and functional areas across IGM.

Key Capabilities & Responsibilities:

  • Drive and advance Identity management and customer experience capabilities that align with our Business and IS Strategy
  • Implement IAM and PAM platforms including provisioning, authentication, and access management across both internal and cloud platforms.
  • Responsible for installing, configuring, and maintaining IAM, PAM, and Secrets Management platforms such as SailPoint IdentityNow, CyberArk, and HashiCorp Vault.
  • Develop scripts and automation workflows using PowerShell, Python, or Bash to improve security and deployment efficiency.
  • Create and maintain documentation such as operational drawings, systems configurations, standard operating procedures, playbooks, manuals, etc.
  • Support the preparation of change requests, plan, and coordinate all implementations for production and non-production environments
  • Identify opportunities for efficiencies by leveraging automation and other techniques
  • Collaborate with security, business, and DevOps teams to develop security solutions for cloud infrastructure (AWS, Azure, GCP).
  • Stay current on DevSecOps and IAM trends, technologies, and best practices.

Nice to have Skills:

  • Knowledge of Azure AD Zero Trust components implementation – Single Sign-On (SAML, OAuth, etc.), Multi-Factor Authentication (2FA, biometric, etc.), LDAP, Advanced Threat Protection, Microsoft Intune and Conditional Access Policies, Azure AD proxy, device authentication and device profile validation, least privilege access, etc.
  • Familiar with security compliance frameworks (e.g. NIST, CIS)
  • Nice to have strong mid to expert level knowledge and experience in the below areas:
      • Office 365 tenant
      • Exchange Online Protection
      • SharePoint Online
      • OneDrive for Business
      • Intune (Conditional Access / MDM / MAM)
      • Permissions (Tenant / Security & Compliance Center / Exchange Online)
      • Data Loss Prevention, Archiving, eDiscovery, and Compliance
  • Strong PowerShell scripting skills

In Scope Key Candidate Skills:

  • Identity & Access Management (IAM): Basic understanding of identity lifecycle management, provisioning, de-provisioning, and access controls.
  • Privileged Access Management (PAM): Exposure to managing privileged accounts and access rights, particularly in cloud environments (AWS, Azure, GCP).
  • Secrets Management: Familiarity with tools like HashiCorp Vault to store and manage sensitive information securely.
  • Automation: Skills in scripting (Python, Bash, or PowerShell) to automate security tasks.
  • Cloud Security: Understanding of cloud security best practices and cloud-native IAM solutions (AWS IAM, Azure Active Directory).
  • Infrastructure as Code (IaC): Exposure to IaC tools (Terraform, CloudFormation) to embed security in automated deployments.
  • Multi-Factor Authentication (MFA): Understanding of how MFA works and the ability to help manage its implementation.
  • Zero-Trust Security Framework: Awareness of the principles of Zero-Trust and how they apply to modern security architectures.

Qualifications & Skills:

  • Bachelor’s degree in computer science/engineering or equivalent
  • 5+ years’ hands-on design and implementation experience in a security, DevOps, or cloud engineering role, with a focus on IAM, PAM, or DevSecOps.
  • Strong experience in scripting languages like Python or PowerShell
  • One or more IAM, PAM or Secrets Management certifications (SailPoint Certified IdentityNow Cloud Engineer and/or SailPoint Certified IdentityNow Security Engineer, CyberArk Sentry and/or Guardian, HashiCorp Cloud Engineer Certifications)
  • Nice to have 5+ years of Microsoft Active Directory and Azure Active Directory experience with strong knowledge in Zero Trust
  • Good knowledge in using a variety of protocols and standards in solutions, including SAML, OAuth, OIDC, XACML, SCIM, FIDO2, Human Workflow with ServiceNow, NIST 800-63, NIST 800-207, Zero Trust Framework, etc.
  • Experience with implementing Privileged Access Management products or solutions to large enterprise organizations is an asset
  • One or more industry recognized information security professional designations (e.g. CISSP, CISA, etc.) is an asset
  • Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
  • Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
  • Strong desire to implement change and contribute to the organization
  • Knowledge of the Financial Services industry is a definite asset

Please visit our career page by clicking on the following link: https://www.mackenzieinvestments.com/en/careers

We thank all applicants for their interest in Mackenzie Investments; however, only those candidates selected for an interview will be contacted.

Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.

Please apply by October 4, 2024.
