Security Engineer

Grade: P7

Referral Level: Level 2

Division: IGMTech

IGM Financial Inc. is one of Canadas leading diversified wealth and asset management companies with approximately $271 billion in total assets under management. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management and Mackenzie Investments.

Under IGM Financials unique business model based on leading brands and multichannel distribution strategy is Mackenzie Investments founded in 1967. Mackenzie Investments is a holistic assetmanagement partner for thousands of Canadian financial advisors and the investors they support.

At Mackenzie Investments You Can Build Your Career with Confidence.

We have a vision and a strategy that will challenge the way business in this industry is done and help Canadians be successful in the ways that mean the most to them. As part of our team you will do some of your best work develop some of your most valuable skills and give back in ways that make a difference in the lives of Canadians. We are proud to be recognized as one of Canadas Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while also providing resources to ensure physical and mental wellness were put front and centre.

Join an unstoppable team that is embedded in continuous learning understanding and knowledge sharing. You will thrive in our supportive environment where you can indulge your curiosity to learn while receiving the feedback you need to refine your skills and abilities. We are dedicated to offering a hybrid work environment when applicable.

Mackenzie Investments is a diverse workplace committed to doing business inclusively this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada including racialized persons women Indigenous persons persons with disabilities 2SLGBTQIA community gender diverse and neurodiverse individuals as well as all who may contribute to the further diversification of ideas.

Roles and Responsibilities:
As a member of the Infrastructure delivery team at IGM you will be joining a highly collaborative group with many years of experience in Security Engineering delivering innovative solutions for both our clients advisors and employees through the use of insights and cutting edge technology.

This Role will be responsible for leading implementing and supporting the security design configurations and plays an integral role in protecting IGMs digital platforms across multi cloud environments. The role is also responsible for analyzing existing cloud capabilities and controls and creating new and enhanced security solutions. The ideal candidate is passionate about all aspects of Security with strong skills in Zero Trust implementations.

The successful candidate will have the following responsibilities:

• Deep knowledge of Microsoft M365 platform including Azure Active Directory Identity Protection Microsoft Defender Exchange Online Protection Azure Identity Protection Data Loss Prevention Sensitivity Labels Advanced Threat Protection Microsoft Intune and Conditional Access Policies etc.
• Handson experience in implementing Information and Cyber Security in multicloud platforms including GCP Azure and AWS.
• Handson experience with Microsoft Azure platform including Azure Sentinel Microsoft Cloud App Security Microsoft 365 Security Centre Microsoft Security & Compliance Centre etc.
• Handson experience in implementing security hardening in cloudbased systems network endpoint and cloud infrastructure
• Build technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Deliver subject matter expertise of Office 365 with emphasis on security architectural design migration management and support of implementations
• Provide overall Office 365 security expertise including strong knowledge of Azure Active Directory Azure Information Protection Microsoft Enterprise Mobility Security SharePoint and OneDrive Security and related technologies
• Develop and implement the overall AD design based on organizational requirements such as AD forest domains organizational unit (OU) structures and Establish trust relationships between domains and forests if required
• Implement and maintain DNS (Domain Name System) for AD Configure and manage Group Policies to enforce security settings and configurations
• Subject matter expert of Azure AD Zero Trust components implementation Single SignOn Conditional Access (SAML OAuth etc. MFA Azure AD proxy device authentication and health validation least privilege access etc.
• Strong skills in Microsofts advanced security and networking services like ExpressRoute Key Vault Active Directory Sentinel and DDoS Protection to support dynamic and immutable Azure Cloud infrastructure

Strong security knowledge and experience in the below areas:

• Office 365 tenant
• Exchange Online Protection
• SharePoint Online
• OneDrive for Business
• Intune (Conditional Access MDM MAM)
• Clients (Outlook Outlook for Mac IMAP POP3 Mobile Devices)
• Permissions (Tenant Security & Compliance Center Exchange Online)
• Data Loss Prevention Archiving eDiscovery and Compliance
• Strong PowerShell scripting skills
• Strong skills in documenting system configurations standards and procedures
• Create and update technical project documentation (i.e. technical and configuration runbook implementation plan etc.
• Document detailed design and define technical solutions that consider the enterprise architecture strategies current state environment and constraints
• Lead and participate in ongoing Office 365 security and strategy discussions
• Identify opportunities for efficiencies by leveraging automation and other techniques
• Prepare change requests plan and coordinate all implementations for production and nonproduction environments
• Provides development and L2/L3 production support along with other team members.
• Collaborates effectively with the development teams to work on and assess defects
• Stay current of all things Office 365 including changes and updates roadmap releases and thirdparty solutions

In Scope Key Candidate Skills:

• Infrastructure as Code
• ATP
• Host and Endpoint Security
• CASB
• Active Directory and Azure/Entra Active Directory
• GCP
• AWS
• IAM
• PAM
• MFA
• Enterprise and Integrated DLP Rights Management
• PKI Internal / External
• Encryption and Key Management including HSM
• Email Security
• Management and Automation Tools
• Configuration Management
• Logging Monitoring and SIEM tools
• Threat prevention and extraction

The successful candidate will demonstrate the following core competencies and experience:

• 6 years of hands on working experience in the participation of engineering and design of IaaS/PaaS/SaaS platforms
• Passionate about evangelizing standards around application and infrastructure security
• Strong core foundation experience in fundamental cloud technologies and services
• Education at the bachelor or master level in Computer Science or equivalent technology related experience
• Excellent knowledge and relevant experience in security domains related to Identity and Access Management Data Security and Loss Prevention End Point Protection Cloud security Vulnerability and Threat Management etc.
• Strong knowledge of Infrastructure Security (Perimeter Security Network Solutions hardening etc. Security of cloudbased services and applications
• Experienced with security and risk control frameworks related to cloud including CSA CIS NIST etc.
• Superior problem solving and decisionmaking skills to resolve work issues with the ability to work under pressure in a dynamic environment
• Highly selfmotivated selfdirected and attentive to detail
• Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
• Strong desire to implement change and contribute to the organization
• One or more industry recognized information security professional designations (e.g. CISSP CISA etc. is an asset
• Experience with implementing Privileged Access Management products or solutions to large enterprise organizations is an asset
• Knowledge of the Financial Services industry is a definite asset

In addition the following competencies would be highly valued and considered more favorably:

Relationship Management:

• Proven ability to establish and build healthy working relations and partnerships with clients vendors and peers
• Possess effective communication and interpersonal skills and executive presence
• Highly credible with senior executives while also able to connect and build trust based relationships with stakeholders at all levels of an organization
• Gain commitment trust and support from others and will be able to sell ideas inside and outside the organization

Influence & Focus:

• Ability to focus/align the organization around critical initiatives best practices and guiding principles
• Exceptional influencing skills and will work transparently and cooperatively with the crossfunctional teams effectively engaging all pertinent stakeholders both internal and external

Versatility and Resilience:

• Able to oversee multiple projects and excel in a complex and evolving portfolio
• Demonstrate appropriate flexibility in all situations and will be comfortable with ambiguity while pivoting from macro to micro issues from shaping the technology innovation digital and strategy agenda through to the dayto day details of operations and compliance issues

Integrity:

• Adhere to the highest standards of personal and professional integrity and will set a positive example for others

People Management:

• Provide leadership and effective management of staff
• Accountable to influence employee commitment to the organization to the team and to their job

Adaptability:

• Should be flexible and able to adapt to changes or issues that may arise.

Attention to Detail:

• Should have a keen eye for detail to ensure that all aspects of the solution are considered and nothing is overlooked.

Time Management:

• Should be able to manage their time effectively to ensure that deadlines are met.

Determination:

• The successful candidate will not be afraid to challenge the status quo
• Exhibit a mindset of creativity determination and an energetic drive to succeed
• Have a proven track record of setting and meeting aggressive goals and action plans both as an individual and with a team

Please visit our career page by clicking on the following link: thank all applicants for their interest in Mackenzie Investments; however only those candidates selected for an interview will be contacted.

Mackenzie Investments is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process please reach out to the Talent Acquisition team who will work with you to meet your needs.

Please apply by April 28 2025.

#LIJS2

#LIHybrid