Job DescriptionWhat is the opportunity?The
Senior IAM Systems Engineer, Authorization is a pivotal role responsible for designing, implementing, and maintaining enterprise-grade authorization solutions that enhance security, compliance, and operational efficiency. This role operates at the
intersection of automation, DevSecOps, and enterprise authorization platforms, driving the evolution of RBC's identity and access management (IAM) strategy.
As part of the Platform Enablement Engineering team, this engineer will collaborate with security, infrastructure, application, and compliance teams to establish a robust authorization framework. The focus will be on policy-driven access control, dynamic entitlement management, and centralized attestation services, ensuring seamless integration with RBC's diverse systems and platforms.
Authorization is a strategic pillar of RBC's IAM roadmap, directly improving risk management, regulatory compliance, and user experience by ensuring precise, context-aware access controls across the enterprise.
What will you do?- Design and implement enterprise authorization solutions using Open Policy Agent (OPA) with Rego for fine-grained, policy-as-code access control.
- Develop and maintain authorization policies in JSON-structured Rego, ensuring scalability, reusability, and alignment with business and regulatory requirements.
- Integrate Policy Decision Points (PDPs) with Policy Information Points (PIPs) across RBC's ecosystem (e.g., Workday, Salesforce, Beeline) to centralize entitlement data.
- Build custom authorizers, sidecars, and connectors to extend authorization capabilities to legacy and modern applications.
- Engineer a centralized attestation service by aggregating authorization policies, roles, entitlements, and physical access data into a unified compliance framework.
- Leverage graph database technologies (Neo4j) to model complex relationships between identities, resources, and permissions for advanced access analytics.
- Automate policy deployment, testing, and lifecycle management using CI/CD pipelines (GitHub Actions) and infrastructure-as-code (IaC) principles.
- Collaborate with Security, Risk, and Audit teams to ensure authorization controls meet regulatory standards (FRB, OSFI, Part 30).
- Optimize policy evaluation workflows with custom code and AI/ML frameworks (where applicable) to enhance decision-making efficiency.
- Document integration patterns, runbooks, and standards for enterprise-wide adoption and operational consistency.
- Support incident response, troubleshooting, and root-cause analysis for authorization-related issues.
What do you need to succeed? Must-have: - 5+ years of experience in DevOps, IAM, or SRE authorization engineering, or related fields.
- Strong programming skills in Python, Go, or Java for policy automation and integration.
- Working knowledge of DevOps/DevSecOps practices, including CI/CD pipelines and infrastructure automation.
- Proficiency in API integrations (REST, GraphQL) and microservices architecture.
- Familiarity with cloud-native authorization solutions (AWS IAM, Azure AD Conditional Access).
- Familiarity with enterprise IAM platforms (e.g., Entra, Auth0, SailPoint, CyberArk, ForgeRock, Okta).
- Strong problem-solving and collaboration skills, with the ability to drive cross-functional initiatives.
Nice-to-have: - Experience with AI/ML frameworks (e.g., TensorFlow, PyTorch) for policy optimization or anomaly detection.
- Hands-on expertise with Open Policy Agent (OPA) and Rego for policy-based access control
- Knowledge of attestation and governance tools (e.g., Saviynt, SailPoint IIQ).
- Understanding regulatory requirements (FRB, OSFI) and compliance frameworks (SOC 2, ISO 27001).
- Certifications (CISSP, CISM, CCSP) or relevant IAM/security credentials.
What's in it for you? - A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
- Leaders who support your development through coaching and managing opportunities
- Ability to make a difference and lasting impact
- Work in a dynamic, collaborative, progressive, and high-performing team
- Opportunities to do challenging work and take on progressively greater accountabilities
#LI-POST
#TECHPJ
Job SkillsInformation Technology (IT) Infrastructure, Programming Languages, Software Change Request Management, Software Development Life Cycle (SDLC), Software Engineering, Software Integration Engineering, Software Product Design, Software Product Technical Knowledge, Software Release Management, System Testing Tools
Additional Job DetailsAddress:16 YORK ST:TORONTO
City:Toronto
Country:Canada
Work hours/week:37.5
Employment Type:Full time
Platform:TECHNOLOGY AND OPERATIONS
Job Type:Regular
Pay Type:Salaried
Posted Date:2026-05-29
Application Deadline:2026-06-10
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above
