Sr. IAM Specialist with expertise in Cryptographic, Enterprise Identity & Privileged access systems for our payments client

Sr. IAM Specialist with expertise in Cryptographic, Enterprise Identity & Privileged access systems for our payments client

Type: Permanent/FTE

Location: Etobicoke (Hybrid, 3x/week)

Reporting Relationship: You will report to the Senior Manager, Identity, Access and Secret Management

We are seeking an experienced IAM Specialist to secure and advance our client's enterprise identity, cryptographic, and privileged access ecosystems. This role blends hands-on engineering with governance, architecture support, and controls alignment across cloud and on-premises environments.

Overview:

• Design, maintain, and operationalize cryptographic architecture across payment, cloud, and IAM ecosystems, including key lifecycle management (generation, rotation, archival, destruction) following dual-control and split-knowledge principles.
• Integrate and support HSM infrastructure, developing utilities and workflows using HSM SDKs/APIs to enable CKMS functions and secure payment cryptographic operations including P2PE domain components.
• Govern enterprise PKI platforms (CyberArk ZTPKI) and drive certificate lifecycle automation using Venafi or equivalent tooling.
• Lead the adoption and governance of enterprise Secrets Hub capabilities, enabling centralized secret synchronization, policy enforcement, and automated secret distribution across multi-cloud platforms.
• Champion code signing workflows to ensure software authenticity, integrity, and supply chain security across cloud and on-premises environments.
• Support the modernization and ongoing operations of PAM and secrets management platforms, including CyberArk Privileged Cloud, Secrets Manager, and GitHub Actions integrations.
• Perform security design reviews, maintain cryptographic patterns and guardrails, and provide crypto consulting to engineering, architecture, and compliance teams.
• Ensure all cryptographic and access controls align with PCI DSS, PCI PIN, PCI P2PE, and PCI MPoC standards; support regulatory assessments, audit evidence collection, and control remediation activities.
• Improve IAM operational processes including break-glass workflows, identity incident playbooks, and access remediation, with hands-on maintenance of identity platforms such as Entra ID, SailPoint, and CyberArk

Must Haves:

• 5-7 years of hands-on experience in IAM, cryptography, or security engineering in a complex enterprise environment.
• Proven experience with HSMs, cryptographic key management, and key ceremony documentation and procedures.
• Working knowledge of IAM fundamentals: authentication, federation, SSO, directory services, privileged access, and secrets management.
• Hands-on experience with relevant platforms such as CyberArk, Venafi, and HashiCorp Vault.
• Solid understanding of PCI security standards (PCI DSS, PIN, P2PE, MPoC) and their operational implications.
• Experience in payment cryptography or financial services environments is strongly preferred.
• Familiarity with CI/CD pipelines, automated secrets patterns, and cloud IAM platforms (Azure Entra ID, AWS IAM, or GCP IAM).
• Strong documentation discipline with the ability to translate technical designs into clear operational procedures and specifications.
• Certifications such as CISSP, CCSP, PCI ISA, or equivalent IAM/cryptography-focused credentials are an asset.