ISL 30R - Cloud Identity and Access Management Architect

Bring your in-depth knowledge and experience with IT change control to this opportunity.

MINISTRY OVERVIEW
Dedicated to making life better for British Columbians, the Ministry of Citizens’ Services (CITZ) delivers key services that people rely on. CITZ delivers accessible, multi-channel services, through a single-point-of-contact service approach to people in urban and rural communities through Service BC, and delivers the digital face of government at www.gov.bc.ca. CITZ also provides support for the expansion of high-speed internet connectivity throughout the province, leadership across government to modernize information management and technology resources, trusted data services to government agencies, prompt and relevant responses to freedom of information requests, and statistical and economic research, information and analysis to businesses and the public sector. In addition, the ministry manages the Province’s real estate assets, technology systems and equipment, and leverages procurement to increase business opportunities and create rewarding jobs that contribute to local economies and benefit individuals, families, and communities.

A service-focused organization, CITZ strives to be a great place to work, where all employees feel both engaged and motivated to do their best.

CONTEXT

The Cybersecurity and Digital Trust Branch is a highly specialized team which is responsible for securing the organization against the ever-evolving cybersecurity threat landscape which has five domains of responsibilities:

• IDENTIFY: Develop an organizational understanding to manage cybersecurity risks to the systems, data, people, assets, and capabilities.
• PROTECT: Develop and implement appropriate safeguards and mitigation strategies to ensure delivery of critical business services.
• DETECT: Develop and implement appropriate processes, procedures, and automated systems to detect any occurrence of a cybersecurity event/incident.
• RESPOND: Develop and implement appropriate processes, procedures, and systems to respond to any detected cybersecurity event/incident including the collection and preservation of evidence of said incident.
• RECOVER: Develop and implement appropriate processes, procedures, and systems to maintain and execute plans for systems resiliency, recovery, and restoration of any capabilities and/or services impaired by a cybersecurity event/incident.

The ADMS team as a whole provides the following identity, access and directory management critical services across the BC Government:

1. Web Access Management (Single Sign On (SSO) SiteMinder enterprise solution offering, Reverse Proxy, SiteMinder federation, Keycloak integrations, Common Logon Page, etc).
2. SSL Certificate offering and Internal Certificate Authority (ICA) provisioning.
3. BC Government Active Directory (IDIR) user and group management/governance as well as Directory Synchronization Services.
4. MS Active Directory and MS Entra ID services (ADFS, Oath/SAML 2.0 SSO integrations, SaaS SSO integrations, PIM, PAM, MFA, Azure Conditional Access Policies, Azure Intrusion Protection Policies, Azure Defender for Endpoints: Servers, Domain Controller Farm Management, etc).

JOB OVERVIEW

The Cloud Identity and Access Management Architect will be responsible for leading the implementation, maintenance and evolution of the Province’s Microsoft Azure Cloud based Identity, Access Management and Security services.
As a leader in Cloud Identity and Access Management, this role will be responsible for overseeing the management, continued evolution and adoption of Microsoft Azure Identity, Access Management and Zero Trust based services and best practices for the Province’s existing Microsoft Azure Cloud environments that house the Province’s Cloud based critical applications, data and Single Sign on (SSO) integrated services

Job Requirements:

Educational experience:

• Degree in the information security, cyber security, information systems, computer science or related field, and 6 years of recent (within last 10 years) related experience; OR
• Diploma in the information security, cyber security, information systems, computer science or related field, and 8 years of recent (within last 10 years) related experience; OR
• An equivalent combination of education, training and recent (within last 10 years) related experience may be considered.

Related experience includes ALL of the following:

• Experience supporting Identity and Access Management (IAM) services in a single sign on environment.
• 3+ years of recent experience as an Azure Technical Security Architect implementing Azure zero trust services such as (MFA, PIM, PAM, Conditional Access Policies, Guest Account Lifecycle Management, Entra ID, etc.)
• 3+ years of experience managing Microsoft Active Directory Domain Services with Microsoft Entra ID in an on-premise or hybrid cloud-based enterprise environment.
• Experience translating complex functional, technical, security and business requirements into architectural designs or plans.
• Experience working in complex information technology environments.
• Experience in creating technical documentation/ technical content.
• Experience leading Azure security services related implementation projects in an enterprise environment.

Preference may be given to candidates with any of the following:

• Experience implementing cloud security best practices in a hybrid enterprise environment.
• Experience with Microsoft Active Directory Federated Services (ADFS).
• Experience with Azure API stack.
• Experience with Azure B2B or B2C.
• Any professional certifications from Microsoft, Amazon, or other Cloud based services (e.g. AWS Certified Solutions Architect, Certificate of Cloud Security Knowledge (CCSK), Microsoft Certified Specialist Implementing Microsoft Azure Infrastructure Solutions, etc.).
• Professional designation as a Certified Information Systems Security Professional or Certified Information Security Manager, or equivalent.
• Experience with Agile Framework and Agile best practices.
• Experience with Lean, Work Breakdown Structures, Scrum/Kanban processes and Business Process Modelling.
• Experience with supervising technical staff.

Provisos

• Must be willing to be available for the support of critical incident response outside of normal business hours.

For questions regarding this position, please contact Alex.Strudwick@gov.bc.ca

About this Position:
Currently there is one permanent opportunity available.
The position headquarters will be Victoria, Vancouver, Richmond, Surrey or Prince George.
Remote work is allowed, this position can work up to full time from their home in British Columbia subject to an approved telework agreement. The locations listed above are to assist applicants in searching for this opportunity and are not a complete list of locations.
An eligibility list may be established to fill future permanent and/or temporary vacancies across the Ministry of Citizens’ Services.
Please refer to MyHR for more information on Temporary Market Adjustments.
Employees of the BC Public Service must be located in BC at the time of employment.

Working for the BC Public Service:
The BC Public Service is committed to creating a diverse workplace to represent the population we serve and to better meet the needs of our citizens. Consider joining our team and being part of an innovative, inclusive and rewarding workplace.

The Indigenous Applicant Advisory Service is available to applicants that self-identify as Indigenous (First Nations, status or non-status, Métis, or Inuit) seeking work or already employed in the BC Public Service. For guidance on applying and interviewing, please contact IndigenousApplicants@gov.bc.ca or 778-405-3452.

The BC Public Service is an award-winning employer and offers employees competitive benefits, amazing learning opportunities and a chance to engage in rewarding work with exciting career development opportunities. For more information, please see What We Offer.

How to Apply:
Your application must clearly demonstrate how you meet the job requirements listed above.

Cover Letter: NO - Please do not submit a cover letter as it will not be reviewed.

Resume: YES - Ensure your resume includes your educational accomplishments, employment history including start and end dates (month and year) of your employment, and any relevant information that relates to the job to which you are applying.

Questionnaire: YES - You will need to complete a basic questionnaire to demonstrate how you meet the job requirements.

Helpful tips, videos and more regarding the application process can be found on the Your Job Application page of MyHR. If you are experiencing technical difficulty applying, e-mail BCPSA.Hiring.Centre@gov.bc.ca, before the stated closing time, and we will respond as soon as possible.

Additional Information:
A Criminal Record Check (CRC) will be required.

Applicants selected to move forward in the hiring process may be assessed on the Knowledge, Skills, Abilities and Competencies as outlined in the attached Job Profile located at the bottom of the posting.

Applications will be accepted until 11:00 pm Pacific Standard Time on the closing date of the competition.