Senior Security IAM Specialist

Our client, the Bank of Canada has a hybrid remote 2 year contract opportunity for a Senior Cyber Security IAM Specialist.

Under the direction of the Director, Cyber Identity and Access Management (IAM);

• Conduct information gathering, analysis, and documentation of technical and non-technical requirements for IAM capabilities, services, and control improvements
• Define and document current-state and future-state business and system processes, including dependencies, control points, and implementation considerations
• Design IAM use cases and support implementation activities to improve privileged access, authentication, secrets management, and related cyber controls
• Support the development of key control effectiveness metrics, traceability artifacts, and reporting inputs to measure roadmap progress and outcomes
• Develop end-user documentation, procedural guidance, visuals, and training materials to enable adoption of IAM processes and controls
• Provide guidance and support to Cyber, IT, architecture, operations, and business teams
• Support requirements and implementation planning for cryptographic inventory, dependency mapping, algorithm transition planning, certificate impacts, and crypto-agility in support of PQC readiness
• Facilitate workshops, perform stakeholder analysis, identify gaps and risks, and translate business, operational, and security needs into implementation-ready requirements, user stories, and acceptance criteria

• University degree or college diploma in computer science, information security, risk management or a related field
• A minimum of five (5) years of recent demonstrated experience in information technology and Cyber Security
• A minimum of five (5) years of recent demonstrated experience in conducting information gathering and analyzing, documenting and validating complex business, process, and system requirements for security-sensitive solutions
• Demonstrated strong knowledge of identity and access management, privileged access management, credential protection, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), and cryptographic controls
• Demonstrated recent experience translating risk, compliance, operational, and architectural needs into functional and nonfunctional requirements
• Demonstrated strong understanding of privileged access governance, credential vaulting, secrets management, session control, and service account management concepts
• Demonstrated strong understanding of MFA methods, adaptive authentication, exception handling, and phishing-resistant authentication requirements
• Demonstrated working knowledge of PKI, certificate lifecycle management, digital certificates, key management, trust models, and certificate-related dependencies
• Demonstrated awareness of post-quantum cryptography (PQC), including cryptographic inventory, practices, algorithm transition planning, and enterprise crypto-agility considerations
• Demonstrated recent experience producing process maps, gap analyses, dependency assessments, traceability matrices, user stories, and acceptance criteria
• Demonstrated ability to work effectively with business stakeholders, security architects, engineers, operations teams, and audit/compliance partners
• Recent demonstrated experience supporting delivery in regulated, complex, or highly governed enterprise environments
• Demonstrated excellent communication, facilitation, documentation, and stakeholder skills

• Demonstrated knowledge of cloud-based access controls, including Conditional Access Policies, MFA, SAML, and OATH/OIDC-related authentication concepts
• Demonstrated knowledge of Zero Trust principles and implementation patterns
• Demonstrated proficiency in business intelligence, reporting, and data analysis to support control measurement and informed decision-making
• Demonstrated experience using automation to reduce manual repetitive tasks and improve analysis of large volumes of data