Lead Security Engineer, Identity and Access Management
CPP Investments
Explore CPPIB, a global investment management organization. Learn about our mission, strategies and how we help create retirement security for Canadians.
Make an impact at a global and dynamic investment organization
When you invest your career in CPP Investments, you join one of the most respected and fastest growing institutional investors in the world. With current assets under management valued in excess of $500 billion, CPP Investments is a professional investment management organization that globally invests the funds of the Canada Pension Plan (CPP) to help ensure long-term sustainability. The CPP Fund is projected to reach $3 trillion by 2050. CPP Investments invests in all major asset classes, including public equity, private equity, real estate, infrastructure and fixed-income instruments, and is headquartered in Toronto with offices in Hong Kong, London, Luxembourg, Mumbai, New York City, San Francisco, São Paulo and Sydney.
CPP Investments attracts and selects high-caliber individuals from top-tier institutions around the globe. Join our team and look forward to:
- Diverse and inspiring colleagues and approachable leaders
- Stimulating work in a fast-paced, intellectually challenging environment
- Accelerated exposure and responsibility
- Being motivated every day by CPP Investments’ important social purpose and unshakable principles
- A flexible/hybrid work environment combining in-office collaboration and remote working
- A deeply rooted culture of Integrity, Partnership and High Performance
If you share a passion for performance, value a collegial and collaborative culture, and approach everything with the highest integrity, here’s an opportunity for you to invest your career at CPP Investments.
Job Description
We are seeking a highly skilled and experienced Lead Engineer for Identity and Access Management (IAM) to drive our IAM strategy and implementation, including the critical area of Privileged Access Management (PAM). This role will play a crucial part in ensuring that our IAM and PAM systems and processes are robust, scalable, and aligned with the overall security architecture of our organization. The ideal candidate will have deep expertise in IAM and PAM, a strategic mindset, and the ability to lead and influence cross-functional teams.
Key Responsibilities:
- Lead the design, development, and execution of both the IAM and PAM strategies, ensuring they align with the organization's security objectives and business goals. Provide leadership and guidance to the IAM and PAM teams.
- Design and implement architectures for IAM and PAM that support secure and efficient management of identities and privileged access across all systems and applications. Ensure these architectures align with industry best practices and regulatory requirements.
- Continuously assess and improve IAM and PAM processes, procedures, and infrastructure to ensure they are effective, efficient, and compliant. This includes automation of IAM and PAM controls and processes where applicable.
- Conduct and oversee IAM and PAM assessments of technology, processes, and vendors to identify gaps against established standards. Implement necessary controls to protect information systems and vital assets.
- Lead the implementation and ongoing management of PAM solutions, including tools like CyberArk, to secure, control, and monitor access to critical systems and data.
- Work closely with other security architects, IT application solution architects, and key strategic vendors to plan, design, and challenge the IAM and PAM security of applications that support cross-functional business needs.
- Drive the planning and execution of the IAM and PAM technology roadmap, including evaluating and integrating new technologies that enhance our capabilities in these areas.
- Create, maintain, and enforce IAM and PAM standards, ensuring they are consistent with industry guidelines, best practices, and organizational requirements. Provide consulting support to internal projects as needed.
Qualifications
Education:
- Undergraduate degree in Technology, Data Science, Business, Finance, or a related discipline is required; a post-graduate degree is a plus.
- Relevant industry certifications, such as CISSP, ISSAP, CCSP, SABSA, or other recognized Information Security certifications, are highly desirable.
Professional Experience:
- Minimum of 10 years of experience in information and cybersecurity, including strategy design, implementation, and monitoring.
- At least 5 years of experience specifically in IAM architecture.
- Experience providing strategic guidance in a large consulting organization is a plus.
- Deep technical or operational experience in IAM and cybersecurity, with broad knowledge across various security disciplines such as vulnerability management, access management, cloud security, and risk management.
- Experience with security frameworks like NIST CSF and a variety of security technologies.
Additional Skills:
- Extremely effective communicator with strong written and oral communication skills, capable of engaging with both technical and non-technical stakeholders.
- Ability to present complex technical concepts to a diverse audience, ensuring clarity and understanding.
- Effective at building and fostering professional relationships, influencing peers, and working collaboratively across different levels of the organization.
- Proven ability to manage multiple complex engagements simultaneously and prioritize tasks effectively.
At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.
We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.
Our Commitment to Inclusion and Diversity:
In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.