Identity Access Management (IAM) Specialist


Department: Information Technology

Date Posted: 9/25/2023

Location: Toronto, Ontario, CA

Reference No.: 2023-24E

Position Type: Full-Time

Our Information Security area is looking for a highly motivated Identity Access Management (IAM) Specialist to join their team.


At OPB, the health, safety and wellness of our employees, clients, vendors, and stakeholders is our top priority. Recognizing the benefits of working from home and the collaborative teamwork experience in the office, we have commenced a gradual return to the workplace and are in the process of implementing a hybrid work model. Eligibility to participate in the hybrid work model will be assessed based on the requirements of the role. To learn more about our hiring protocols during the COVID-19 pandemic, please visit our Careers site at


Reporting to, and under the general guidance of, the Corporate Information Security Officer, you will be responsible for leading the design, implementation, and maintenance of a secure, effective IAM program to mitigate information security risk. You will work closely with other members of the IT team, developers and service providers to ensure that user access to company systems and data is controlled, monitored, and audited appropriately. You will also lead the entire identity lifecycle, implementing a PAM (Privileged Access Management) solution and designing RBAC (Role-Based Access Control) principles. Automating and scripting, or directing the automation of, IAM tasks to improve efficiency and reduce manual errors is a key skill that you bring.


Key Responsibilities:


  • Design, document, implement, and manage a comprehensive Identity and Access Management program that covers all aspects of user access to company systems and data, including RBAC and PAM.
  • Work with other members of the IT team to define, implement, and maintain access control policies, procedures, and relevant knowledge repositories based on RBAC principles.
  • Manage the entire identity lifecycle, including user provisioning, modification, and deprovisioning.
  • Provide advanced support and development services for centralized authentication, MFA and SAML-based authentication mechanisms.
  • Implement PAM principles to secure and manage privileged accounts.
  • Monitor and review access rights to ensure that access is granted based on business need and in accordance with company policies.
  • Automate and/or direct the automation of IAM tasks using scripting languages such as PowerShell or Python to improve efficiency and reduce manual errors.
  • Perform periodic access reviews and report on access rights to management.
  • Update and maintain procedures related to the administration and management of user IDs.
  • Maintain up-to-date knowledge of regulatory requirements related to IAM, PAM, RBAC, and identity-related compliance, and ensure that the company is compliant.
  • Investigate and respond to security incidents related to user access to company systems and data.
  • Work with external auditors and other supporting third-party suppliers to provide evidence of compliance with regulatory requirements related to IAM, PAM, and RBAC.
  • Act as a subject matter expert in the IAM discipline; identify and conduct detailed assessments of emerging IAM initiatives.
  • Develop or recommend training for employees on IAM best practices and identity-related security and privacy awareness.


Key Qualifications:


  • Post-secondary education with studies focused on information/cyber security; a combination of education and IAM-focused experience in a professional setting may be considered as an equivalent.
  • Possesses 3-5 years of progressive experience and current working knowledge in the field of information or cyber security including identity management, access management, privileged access management, encryption & data protection and data loss detection/prevention.
  • Working knowledge and experience with IAM systems such as Microsoft Active Directory, LDAP, Azure AD, Okta, Thycotic, and Saviynt (or equivalent) is required.
  • Relevant certification(s) such as CIAM, CISSP, or CISA is an asset.
  • Demonstrated proficiency and exceptional understanding of access control principles such as Least Privilege and Secure-by-Design.
  • Strong understanding of SSO standards such as SAML, OIDC and OAuth.
  • Experience with auditing, legislative, and compliance requirements related to IAM, such as PIPEDA or HIPAA.
  • In-depth knowledge of industry standards and compliance frameworks such as NIST, ISO 17799, CIS and COBIT.
  • Detailed knowledge of the identity lifecycle management process, including user provisioning, modification, and deprovisioning.
  • Excellent scripting skills using languages such as PowerShell, Python, or Perl (or equivalent).
  • Experience with automation, API integration and scripting of IAM tasks.
  • Proficient writing and communication skills in order to adapt technical content to a business audience.
  • Experience working with and monitoring performance of supplier partners.
  • Highly collaborative and demonstrates an ability to effectively build and maintain positive working relationships.
  • Strong problem-solving and analytical skills, and meticulous attention to detail.
  • Ability to exercise discretion, tact and diplomacy in accessing highly confidential information that is sensitive in nature, specifically when gathering, analyzing, and reporting on evidence related to internal and external breaches.


Are you interested in this exciting opportunity?

The competition will remain open until a successful candidate is selected or until the competition is closed.


This competition is open to all employees of OPB and has been posted on LinkedIn.
OPB is committed to providing accommodation for people with disabilities in its recruitment process.
Please advise OPB if you require an accommodation and we will work with you to meet your needs.

OPB is committed to fostering a culture of diversity, equity and inclusiveness that reflects the diverse communities we serve. 
We welcome and encourage applications from those who may contribute to the further diversification of ideas. 

Candidates being considered for this position will be required to submit to a background screening.
We thank all applicants; however, only those selected for an interview will be contacted.


If you are looking for an exciting opportunity and to build a career in an innovative and dynamic organization, submit your resume by clicking on Apply Now below. 
Ontario Pension Board is an equal opportunity employer.