The Principal, IAM leads Toromont's identity program across all human and non-human identities. Reporting to the Director, Cybersecurity, this role sets the IAM strategy, architecture, and roadmap to establish identity as a core Zero-Trust capability across IT and OT/ICS.
They drive key IAM capabilities: identity lifecycle and JML automation, SSO/MFA and conditional access, PAM, and IGA rollout while guiding how access is managed securely at scale. The role serves as the enterprise IAM authority, mentors technical teams, partners with risk and audit, and represents IAM in architecture reviews and vendor evaluations.
Please note: the successful candidate may be based anywhere in Canada, including ON, QC, NS, MB, NB, PEI, or NL.
Pay TypeFull Time, Permanent
Compensation$91,820 - $114,776
The listed base salary is just one component of our total rewards package, and performance-based or discretionary bonuses may be available
As a Principal, Identity & Access Management, YOU will experience:- Working within one of the safest organizations in the industry where your safety and well-being are our most important priority
- Working for the best in class equipment dealer and with the premium Caterpillar brand
- Opportunities to continuously Learn, Grow and Develop with our Toromont team through our internal Training teams that are geared for your success
- Competitive total rewards including: wages, benefits, and premiums (as eligible)
- An opportunity for flexible work schedules and opportunities across multiple locations, from Manitoba to Newfoundland
In a typical day, YOU will:- Lead the enterprise IAM strategy, reference architecture, standards, and multi-year roadmap across IT and OT/ICS.
- Build and automate lifecycle management for human and non-human identities (including AI and agent service accounts), with full JML automation and governance.
- Implement PAM for all privileged accounts with vaulting, JIT/JEA access, session controls, and secrets management.
- Deploy the IGA platform; define RBAC, personas, entitlements, access workflows, SoD controls, and certification processes.
- Establish enterprise SSO, MFA, conditional access, and federation standards aligned to Zero Trust.
Must-haves for this role:- 8+ years IAM experience - Strong hands-on background across core IAM domains.
- Identity lifecycle & JML - Human and non-human identity management expertise.
- IGA platforms - SailPoint, Saviynt, or Entra ID Governance; RBAC, personas, entitlements, access reviews, SoD.
- PAM tools - CyberArk, BeyondTrust, or Delinea; vaulting, JIT/JEA, session and secrets management.
- SSO/MFA & federation - SAML, OIDC, OAuth2, SCIM; conditional access (Entra ID/Okta/Duo).
- Machine/service identity governance - Workload, machine, and service-account controls, plus AI and agent service-account governance.
- Zero Trust - Strong grounding in least-privilege and identity-centric security.
- Audit & compliance - SOC, FSA and access certifications; audit evidence and reporting.