Permanent Full Time
In this role, you will work closely with your team, as well as architects and technical leads across different technology areas, to design, build, and support privileged access management (PAM) solutions across Canada Life. Your main focus will be on securing application secrets and supporting cloud-based PAM solutions. You will help ensure that sensitive credentials are managed safely and efficiently. As part of daily operations, you will also help handle and resolve complex (Level 3) privileged access requests and issues.
What you will do:
- Design, implement, and maintain enterprise PAM solutions (e.g., CyberArk, BeyondTrust, Delinea, Microsoft Entra ID PIM).
- Develop secure architectures for privileged identity lifecycle management, credential vaulting, session management, and least privilege enforcement.
- Lead PAM platform upgrades, integrations, and modernization initiatives across on-premises and cloud environments.
- Implement role-based, just-in-time (JIT) and Zero Standing Privileges (ZSP) access models to minimize standing privileges.
- Define and enforce PAM standards, patterns, and best practices.
- Develop and maintain automation workflows (scripts, APIs, pipelines) for onboarding accounts, credential rotation, and access provisioning.
- Integrate PAM solutions with enterprise systems including Active Directory, Azure AD / Entra ID, cloud platforms (AWS, GCP), DevOps tools, and applications.
- Provide L3 engineering support for complex PAM incidents and issues.
- Act as a subject matter expert (SME) for PAM within the organization.
- Mentor junior engineers and guide cross-functional teams.
- Collaborate with security, infrastructure, application, and cloud teams to drive PAM adoption.
- Contribute to roadmap planning and strategic initiatives for identity security.
What you will bring:
- 5 years of experience in the administration of PAM solutions is required.
- A degree or equivalent education in a related discipline such as Computer Science, Business Computing, Engineering, or Commerce is required.
- Minimum of 3 years of experience in designing, implementing and troubleshooting CyberArk PASM, CyberArk Secret Manager or any other related PAM solution.
- 2 years of experience in implementing Just-in-Time and Zero Standing Privileged Access.
- Good understanding of REST APIs, OAuth and JWT, and experience in setting up applications to retrieve secrets from the vault, will be valuable.
- Some experience in scripting (Bash, Python, PowerShell) will be an added advantage.
- Advanced problem-solving and analytical skills.
- Strong communication and stakeholder management abilities.
- Strategic thinking with a hands-on technical mindset.
- Ability to lead initiatives and influence security practices across the organization.
- Attention to detail with a strong focus on security and compliance.
The base salary for this position is between $100,800 - $130,800 annually. This represents base salary only and does not represent other variable compensation components of our total compensation (i.e., annual bonus, commission, etc.). If you are selected to move forward in our recruitment process, your recruiter will be able to discuss additional details of our total rewards program with you.
Career opportunities will be open a minimum of 5 business days from the date of posting; closing dates will vary depending on the search activity. All applications received will be reviewed on a rolling basis.
#LI-Hybrid
Requisition ID: 6291
Category: Digital Technology
Location: