Senior Identity and Access Management Engineer

Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.

The Identity and Access Management (IAM) team is looking for someone with experience in architecting and engineering an Identity Governance and Administration (IGA) solution and integrating various types of applications and sources. The ideal candidate will have strong technical hands-on experience with IAM solutions, focusing on IGA but also including Customer Identity and Access Management (CIAM) and Privileged Access Management (PAM) solutions.
 

What you'll do

• In this role, you will be responsible for architecting and engineering a new IGA solution, including its integration with CIAM, PAM, AD/LDAP directories, business applications and databases

• Strong interpersonal skills will be required when engaging with application, vendor and business partners to obtain technical requirements and coordinate changes

• In addition, you will work with the Access Management team to review, document, update and align Aviva access provisioning processes with industry best practices

What you'll bring

• Bachelor's degree in Computer Science or Computer Engineering, or equivalent experience.

• At least 5 years of IAM experience with focus on IGA implementations.

• Hands on experience in architecting and implementing one or more of the following IGA tools: SailPoint IdentityNOW; SailPoint IIQ, Saviynt, Okta

• Experience integrating a variety of business applications and sources (Workday, NERM)

• Experience integrating IGA solutions with multiple database types (MS SQL, DB2, Oracle, Hadoop, MongoDB, PostgreSQL etc.).

• Proven integration experience of IGA tools with AD, Entra ID, LDAP, CIAM (OKTA CIC Auth0) and PAM (CyberArk, BeyondTrust)

• Proven experience in designing, updating, and implementing industry best practices for Joiner/Mover/Leaver (JML) processes and user’s lifecycle management (LCM) used in Active Directory, Windows, Unix/Linux, Mainframe and Cloud based environments (Microsoft AzureAD / EntraID, AWS) within IGA tool (SailPoint IdentityNOW).

• Deep understanding of IAM technologies, controls, and standard methodologies (LDAP, user directories, certificates, SAML/OAUTH, Header based auth, MFA, SSO, Adaptive Authentication, FIDO, WebAuthN, PKI, Passwordless).

• Solid grasp of an Active Directory structure including Organizational Units (OUs), Groups, Access Rights, User Accounts, Objects, rights delegation, and GPO policies.

• Experience in scripting automation and integration work using Unix scripting, PowerShell, Java, Python and Ansible Tower.

• Ability to effectively employ critical thinking and analysis to determine project scope, prioritization of work and timelines for the projects.

• Able to multi-task on multiple projects and tasks with contending priorities in a fast-paced environment.

• Strong verbal and written communication, interpersonal and collaborative skills – interacting with both internal and external clients and vendors from both technical and non-technical perspectives.

• A curiosity about digital/cybersecurity – the desire and openness to upskill as required to stay on pace with the current cyber threat landscape.

Nice to Have

• Familiarity with SailPoint IdentityNOW Non-Employee Risk Management (NERM)

• Experience in the implementation and support of CIAM solutions (OKTA CIC Auth0, OKTA WIC, Forgerock, PingIdentity)

• Experience deploying PAM solutions (BeyondTrust,CyberArk) and onboarding various types of assets(servers, databases, network switches)

What you’ll get

• Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.

• Outstanding Career Development opportunities.

• We’ll support your professional development education.

• Competitive vacation package with the option to purchase 5 extra days off per year.

• Employee driven programs focused on gender, LGBTQ+, origins, diversity, and inclusion.

• Corporate wellness programs to support our employees’ physical and mental health.

• Hybrid flexible work model.

Please note that we may use AI tools to help us through the recruitment process. This is an existing position which has been posted both internally & externally.

Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.