IAM Architect Integrator – PAM

Position Description:

Secret clearance required (must reside in Canada 10 years to be eligible)

Your future duties and responsibilities:

. Participate in all phases of the project life cycle to support the design and implementation of PAM modernization and secrets management architecture for internal applications.
. Collaborate with application and infrastructure peers to deliver highly available credential retrieval services using CyberArk Credential and Central Credential Provider (CP/CCP) and/or Azure Key Vault.
. Act as the primary technical authority and perform planning activities leading to the solution architecture of the clients Privileged Access Management (PAM) platforms focusing on CyberArk (Privilege Cloud).
. Analyze the current privileged identity solution environments to identify deficiencies and opportunities for simplification scalability and alignment with Zero Trust principles.
. Define and document the solution architecture structure and deployment of PAM components for session isolation auditing recording JIT risk and secret rotation.
. Support secure authentication integration with Microsoft MFA FIDO2 and certificate-based methods.
. Work closely with Subject Matter Experts to confirm the detail design of each solution component and integration among components; as well as coordinate the implementation of the detail design
. Develop and document repeatable integration patterns and architectural reference models for application teams.
. Troubleshoot and resolve complex PAM and IAM issues across cross-functional environments in a timely manner.
. Provide knowledge transfer best practices and recommendations to strengthen PAM and secrets management governance and operational efficiency.
. Work with the clients Enterprise Architecture group to apply client standards
. Work with the clients Cyber Security group to apply client Cyber Security standards
. Present and seek approval for proposed design from the clients different governing bodies
. Other related activities and deliverables as required.

Required qualifications to be successful in this role:

. University degree or college diploma in Computer Science Information Security or a related field.
. Minimum of ten (10) years of relevant work experience in Identity and Access Management (IAM) with a focus on Privileged Access and Secrets Management.
. Minimum of five (5) years of direct hands-on experience architecting implementing and operating CyberArk Privileged Privilege Cloud.
. Minimum of five (5) years of direct hands-on experience architecting implementing and operating Azure Privileged Identity Management and Azure Key Vaults.
. Demonstrated expertise with CyberArk components including Vault CPM PSM SIA CP/CCP.
. Demonstrated experience with CyberArk migration projects (on-prem to cloud or multi-tenant deployments).
. Strong knowledge of secure authentication methods including SAML. OIDC FIDO2/WebAuthn and PKI.
. Strong understanding of privileged session recording monitoring and compliance requirements.
. Demonstrated ability to design and implement Role-Based Access Control (RBAC) frameworks particularly for internally developed applications.
. Strong technical knowledge of containers (Docker/Kubernetes) networking and web services protocols such as REST and SOAP as well as API design and integration using JSON/XML.
. Ability to produce clear concise and business-ready documentation tailored to technical and non-technical audiences.
. Strong analytical and problem-solving skills combined with effective negotiation and communication skills.

Additional Skills Nice to have
. Demonstrated experience with Agile and DevOps
. Demonstrated knowledge of Cyber Security certifications (CISSP GIAC etc.)
. Demonstrated experience in the banking industry and/or government organizations
. Experience with identity governance and integration with SailPoint or Microsoft Entra ID.

CGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level geographic market experience and training and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $105000$155000. This role is an existing vacancy.

#LI-KM1

Use of the term architect in this job posting refers to the technical sense related to Information Technology (IT) and does not imply that the individual practices architecture or possesses the requisite license as prescribed by the applicable provincial or territorial architect regulator. We are seeking individuals with expertise in IT architect-related functions but licensure from an architect regulator is not a prerequisite for this position. Architecture is a regulated profession in Canada which is restricted in terms of use of titles and designation.

Skills:

• Data Migration
• English
• Identity and Access Mgt (IAM)
• French

What you can expect from us:

Together as owners lets turn meaningful insights into action.

Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because

You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.

Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.

Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

At CGI we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer being able to perform your best during the recruitment process is important to us. If you require an accommodation please inform your recruiter.

To learn more about accessibility at CGI contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.

Come join our teamone of the largest IT and business consulting services firms in the world.