Senior Customer Identity & Access Management (CIAM) Engineer

Job in Toronto, Ontario, M5A, Canada
Listing for: OMERS
Full Time position
Listed on 2026-01-02
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below
Position: Senior Customer Identity & Access Management (CIAM) Engineer

Choose a workplace that empowers your impact.

Join a global workplace where employees thrive. One that embraces diversity of thought, expertise and experience. A place where you can personalize your employee journey to be — and deliver — your best.

We are a purpose-driven, dynamic and sustainable pension plan. An industry leading global investor with teams in Toronto to London, New York, Singapore, Sydney and other major cities across North America and Europe. We embody the values of our 600,000+ members, placing their best interests at the heart of everything we do.

Join us to accelerate your growth & development, prioritize wellness, build connections, and support the communities where we live and work.

Don’t just work anywhere — come build tomorrow together with us.

Know someone at OMERS or Oxford Properties? Great! If you're referred, have them submit your name through Workday first. Then, watch for a unique link in your email to apply.

We are looking for a Senior Customer Identity & Access Management (CIAM) Engineer to design, implement, and optimize secure, scalable identity solutions that protect our customers and digital assets. You will play a key role in delivering secure and seamless customer experiences across our digital platforms while aligning with regulatory standards and industry best practices. You will collaborate closely with Architecture, DevOps, Cloud, Security, and Compliance teams to enable trust and security at every interaction.

What You’ll Do

  • Design & implement end-to-end CIAM capabilities, including SSO, MFA, identity lifecycle management, consent management, identity governance, and data privacy.

  • Serve as the technical lead for CIAM initiatives, guiding platform selection, customization, integration patterns, and reference architectures.

  • Implement advanced authentication: adaptive/risk-based auth, identity proofing, and federation protocols (SAML 2.0, OIDC, OAuth 2.0).

  • Engineer and optimize Ping Identity solutions and related ecosystem products (e.g., PingFederate, PingAccess, PingOne, DaVinci).

  • Define secure user identity journeys and technical requirements in partnership with product, architecture, engineering, and security teams.

  • Embed identity controls into CI/CD pipelines and support DevSecOps practices across build, test, and release.

  • Produce detailed architecture documentation—sequence diagrams, data flow diagrams, and threat models—and maintain IAM policies and standards.

  • Troubleshoot and resolve IAM/CIAM incidents; drive performance tuning, capacity planning, and resilience improvements.

  • Collaborate with vendors (Ping Identity) and external partners to integrate third‑party systems and manage escalations.

  • Ensure alignment with regulatory and compliance frameworks (GDPR, CCPA, HIPAA, PCI‑DSS) and privacy-by-design principles.

  • Mentor developers and engineers on identity best practices, SDK usage, and secure integration patterns.

What You Bring

  • 7+ years in Identity & Access Management with 2+ years focused on CIAM.

  • Expertise with Ping Identity (required) and experience across its suite (e.g., PingFederate, PingAccess, PingOne, DaVinci).

  • Hands-on with additional CIAM platforms (e.g., Okta/Auth0, ForgeRock, Azure AD B2C) and federation across heterogeneous environments.

  • Deep knowledge of standards and protocols: OAuth 2.0, OIDC, SAML 2.0, SCIM, JWT, and modern web security (TLS, cookies, CORS).

  • Strong understanding of directory services & identity stores: LDAP, Active Directory/Azure AD, and cloud directories.

  • Integration skills with RESTful APIs and event-driven patterns; proficiency with JSON and secure token handling.

  • Automation skills: PowerShell and/or Python for provisioning, configuration, monitoring, and operational tasks.

  • Architecture & resiliency: design, test, and operate highly available/failover CIAM services in hybrid or multi‑cloud environments.

  • Networking fundamentals: DNS, HTTP/S, reverse proxies, and load balancers; ability to diagnose auth flows end‑to‑end.

  • Operational excellence: automate monitoring, backups, and recovery procedures (e.g., scripts or Terraform) to support resilience and DR.

  • Incident leadership: lead diagnostics and RCA documentation for…

Position Requirements

  • 10+ years work experience