Senior Engineer - Identity Governance & Administration (IGA)

Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.

The Identity and access Management (IAM) team is looking for someone with experience in architecting and engineering Identity Governance and Administration (IGA) security solutions and driving the implementation of these security solutions in the IAM space. The ideal candidate will possess a broad knowledge and very strong technical hands-on experience with IAM solutions, focusing on IGA but also including Customer Identity and Access Management (CIAM) as well as Privileged Access Management (PAM) solutions.

What You'll Do

• In this role, you will be responsible for architecting, engineering, implementing, and enhancing of the new IGA solution, including its integration with CIAM, PAM tools, AD and LDAP directories, as well as business systems and applications.
• In addition, you will work with the Access Management team to review, document, update and align Aviva access provisioning processes with industry best practices in preparation for implementation of the IGA solution.
  
  

What You'll Bring

• Bachelor's degree in Computer Science or Computer Engineering, or equivalent experience.
• At least 8 years of Information Security experience with focus on IGA projects.
• Hands on experience in engineering, implementation, application on-boarding and support in one or more of the following IGA tools: SailPoint IdentityNOW is a must; SailPoint IIQ, Saviynt, Forgerock, OKTA are nice to have and will be considered.
• Proven integration experience of IGA tools with Workday, AD, AzureAD / EntraID, LDAP, CIAM (OKTA CIC Auth0) and PAM (CyberArk, BeyondTrust) in both Cloud and on-prem based environments is strongly desired.
• Familiarity with SailPoint IdentityNOW Non-Employee Risk Management (NERM) is nice to have.
• Proven experience in designing, updating, and implementing industry best practices for Joiner/Mover/Leaver (JML) processes and user’s lifecycle management (LCM) used in Active Directory, Windows, Unix/Linux, Mainframe and Cloud based environments (Microsoft AzureAD / EntraID, AWS) within IGA tool (SailPoint IdentityNOW). Aviva: Internal.
• Deep understanding of IAM technologies, controls, and standard methodologies (LDAP, user directories, certificates, SAML/OAUTH, Header based auth, MFA, SSO, Adaptive Authentication, FIDO, WebAuthN, PKI, Passwordless).
• Experience in the implementation and support of SaaS CIAM solutions –OKTA CIC Auth0, OKTA WIC, Forgerock, PingIdentity.
• Experience in the implementation and support of SaaS and on-prem PAM solutions (Beyond Trust and CyberArk) across multiple platforms (OS, network, database, virtualization, etc.) and multiple account types (personal, shared, service, etc.).
• Solid grasp of Active Directory structure including Organizational Units (OUs), Groups, Access Rights, User Accounts, Objects, rights delegation, and GPO policies.
• Strong technical ability to design, build and support a dedicated DEV environment for IGA related solutions.
• Experience in scripting automation and integration work using Unix scripting, PowerShell, Java, Python and Ansible Tower.
• Experience in working with multiple database types (MS SQL, DB2, Oracle, Hadoop, MongoDB, PostgreSQL etc.).
• Ability to effectively employ critical thinking and analysis to determine project scope, prioritization of work, work effort and timelines for the projects.
• Able to multi-task on multiple projects and tasks with contending priorities in a fast-paced environment.
• Ability to dynamically balance work effort for new projects and activities and assist other team members in order meet team objectives.
• Strong verbal and written communication, interpersonal and collaborative skills – interacting with both internal and external clients and vendors from both technical and non-technical perspectives.
• A curiosity about digital/cybersecurity – the desire and openness to upskill as required to stay pace with the current cyber threat landscape.
  
  

What You’ll Get

• Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.
• Outstanding Career Development opportunities.
• We’ll support your professional development education.
• Competitive vacation package with the option to purchase 5 extra days off per year.
• Employee driven programs focused on gender, LGBTQ+, origins, diversity, and inclusion.
• Corporate wellness programs to support our employees’ physical and mental health.
• Hybrid flexible work model.
  
  

Please note that we may use AI tools to help us through the recruitment process. This is an existing position which has been posted both internally & externally.

Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.