Grade: P7

Referral Level: Level 2

Division: IGM Technology

IGM Financial Inc. is one of Canada's leading diversified wealth and asset management companies with approximately $252 billion in total assets under managements. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management and Mackenzie Investments

Under IGM Financial’s unique business model based on leading brands and multi-channel distribution strategy is Mackenzie Investments, founded in 1967.  Mackenzie Investments is a holistic asset-management partner for thousands of Canadian financial advisors and the investors they support. 

At Mackenzie Investments You Can Build Your Career with Confidence.

We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them. As part of our team, you will do some of your best work, develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians.  We are proud to be recognized as one of Canada’s Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and centre.

Join an unstoppable team that is embedded in continuous learning, understanding, and knowledge sharing. You will thrive in our supportive environment where you can indulge your curiosity to learn, while receiving the feedback you need to refine your skills and abilities. We are dedicated to offering a hybrid work environment when applicable.

Mackenzie Investments is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.

Position

The Senior Specialist, IAM Operations is responsible for day-to-day operational activities providing expertise and support to the Identity and Access Management team.

This is a technical role, and the ideal candidate is passionate about delivering IAM services through operational excellence. The candidate must have a proven versatile skill set, including technical acumen and excellent learning agility with the ability to maintain, operate, support, and document enterprise-class solutions and systems based on industry-standard IAM platforms in complex environments. The Specialist will bring to bear a combination of prior strong IGA, PAM and Directory Services experience, problem-solving skills, and technical expertise in delivering operational excellence to drive business strategies to successful outcomes.

This role focuses on reviewing existing IAM processes and driving continuous improvement initiatives to ensure they are aligned to IGM’s strategic goals, security and risk standards, governance, audit, and reporting on all facets of IAM Operations.  Close collaboration with the IAM Platform team will be required to support the overall delivery of IAM services to the enterprise.

This position will establish partnership and communication channels with multi-functional teams that include business users, external business customers, consultants, and cross- IS teams to deliver on key business initiatives.

Key Capabilities & Responsibilities

• Drive and advance Identity management and customer experience capabilities that align with our Business and IS Strategy
• Manage and operate the enterprise IAM platforms: IGA (SailPoint IdentityNow), PAM (CyberArk Privilege Cloud), Directory Services (Windows AD & Entra ID) and Secrets Management (Hashicorp Vault), including provisioning, birthright roles, entitlements, segregation of duties, authentication, authorization, human and non-human credential and role management, access certification, logging, analytics and reporting, across both internal and cloud platforms
• Provide second level support to troubleshoot and remediate IAM related issues, collaborating with the IAM Platform team for third level support when required
• Provide support to the first level IAM Operations team and collaborate with these team members to optimize processes and procedures
• Serve as a Subject Matter Expert in the efficient management of operational functions of all IAM platforms
• Provide technical and governance input to IAM projects
• Be the technical liaison and escalation point between different teams
• Work closely with the IAM Leadership team on operational and performance statistics for all IAM platforms to ensure reliability and availability, perform preventative maintenance, and automate routine procedures
• Maintain production change control schedule and participate in change control processes
• Troubleshoot problems and respond to escalations, and perform repairs as needed
• Conduct routine access certifications to ensure compliance and audit with established standards, policies, and configuration guidelines
• Create and maintain documentation such as operational workflows & processes, standard operating procedures, playbooks, manuals, Knowledge Articles, etc.
• Independently handle operational tasks without management oversight
• Collaborate closely with multiple levels of leadership as well as peers to build alignment and advance initiatives

In Scope Key Candidate Skills:

• Identity Governance & Administration Platforms
  • SailPoint IDN (or IIQ)
• Privileged Access Management, and Secrets Management
  • CyberArk
  • HashiCorp Vault
  • Azure AD Privileged Identity Management (PIM)
• Windows Active Directory
• Microsoft Entra ID
• Authentication & Authorization Protocols (SAML, OAuth, OIDC)
• MFA
• Least Privilege RBAC and Segregation of Duties
• Microsoft M365
• Cloud Platform IAM (Azure, GCP, AWS)
• Infrastructure as Code
• Scripting (PowerShell, Python, etc)

Qualifications & Skills:

• Undergraduate degree coupled with identity management experience in a large organization, preferably a financial institution.
• 5+ years of operational experience with SailPoint, CyberArk and/or HashiCorp Vault with strong knowledge in Zero Trust
• Strong experience in Microsoft Active Directory and MS Entra ID
• Knowledge of security and risk control frameworks related to cloud, including CSA, CIS, NIST, etc.
• Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
• Highly self-motivated, self-directed, and attentive to detail
• Strong desire and aptitude for continuous development to learn new skills and technologies
• Superior collaboration, and interpersonal skills with a demonstrated ability to work effectively and build consensus in a multi-functional team environment.
• Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
• Ability to determine the information and communication needs of stakeholders
• Deadline-driven and results-oriented; able to meet consistently high-quality standards while handling a variety of tasks and deadlines simultaneously
• Strong desire to implement change and contribute to the organization
• One or more industry recognized information security professional designations (e.g. CISSP, CISA, etc.) is an asset
• Knowledge of the Financial Services industry is a definite asset

Please visit our career page by clicking on the following link: https://www.mackenzieinvestments.com/en/careers

We thank all applicants for their interest in Mackenzie Investments; however only those candidates selected for an interview will be contacted.

Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.

Please apply by September 25, 2024.

#LI-JS2

#LI-Hybrid