Senior CIAM Security Engineering Lead (10+ years) to provide strategic leadership for enterprise CIAM modernization using ForgeRock, Ping Identity, and Jav

Our financial services client is seeking a Senior CIAM Security Engineering Lead (10+ years) to provide strategic leadership for enterprise CIAM modernization using ForgeRock, Ping Identity, and Java-based platforms- 40617

Join a team driving the modernization of customer identity and access management solutions impacting millions of digital users across a global banking environment. This role provides strategic oversight of CIAM engineering, architecture, and platform delivery while ensuring alignment with enterprise security and regulatory frameworks. The position offers visibility across engineering, product, risk, and operations functions, influencing identity strategy at scale. It represents a high-impact opportunity to shape secure, customer-centric authentication experiences across all digital channels.

Contract, Toronto, Hybrid - 2 days a week on site

Duration: ASAP until Oct 31- High Chance of Extension

Hours: 37.5 Hours Per Week

Candidate Requirements/Must Have Skills:

1. 10+ years of progressive experience leading and overseeing the design, implementation, and modernization of enterprise‑scale platforms built on Java/J2EE, Spring Framework, Node.js, RESTful APIs, event‑driven architectures (Kafka), and cloud‑based data services.

2. 5+ years of deep experience providing technical leadership for CIAM platforms, including ForgeRock (AM, IDM, DS) and Ping Identity (PingFederate, PingAccess, PingDirectory), with exposure to Okta and other SaaS IAM providers considered an asset.

3. Expert‑level understanding of identity and access management protocols and standards, including OAuth 2.0, OpenID Connect, SAML, LDAP, and their application across enterprise and customer identity use cases.

4. Demonstrated ability to define IAM and CIAM architectures for hybrid and cloud environments (AWS, Azure, GCP), ensuring scalability, resilience, and alignment with enterprise security strategy.

5. Strong foundation in cybersecurity principles, risk management, and regulatory compliance, with the ability to align IAM decisions to the Bank’s risk appetite and control frameworks.

Nice-To-Have Skills:

1. Strategic oversight of identity federation, SSO, MFA, and adaptive authentication solutions, ensuring secure, consistent implementations across channels and regions.

2. Leadership experience in DevOps and Infrastructure‑as‑Code practices (e.g., Terraform), enabling standardized, repeatable, and secure IAM deployments.

3. Proven leadership in CI/CD and deployment automation, governing engineering standards and release practices using Jenkins, cloud‑native deployment frameworks (GCP/Azure/AWS), and DevOps tooling.

Responsibilities

• Provide strategic leadership and direction for CIAM engineering and platform delivery aligned to enterprise security strategy
• Own the CIAM capability roadmap and oversee platform design, evolution, and continuous improvement
• Establish and govern CIAM architecture and frameworks compliant with security and regulatory standards
• Set standards for identity federation, SSO, MFA, OAuth2/OIDC flows, and API-based integrations
• Oversee onboarding of digital channels onto CIAM platforms ensuring secure, scalable implementations
• Lead risk assessments and technical reviews for CIAM integrations ensuring appropriate mitigations
• Collaborate with senior stakeholders across engineering, product, security, and operations to drive adoption and resolve dependencies