Senior Manager, Privileged Identity & Access Controls

Company: CGL
Department: 0
Employment Type: Regular Full-Time
Work Model: Hybrid
Language: This role operates in English.
Additional Information: This/these role(s) is/are currently vacant

We are a leading Canadian financial services co-operative committed to being a catalyst for a sustainable and resilient society and our team is essential to deliver on this strategy.  That’s why we prioritize our people, to ensure we provide a strong culture and development opportunities which enables our team to thrive and to live our purpose.  The best part is that you will work with people that care passionately about you, our clients and our communities.

Our Information Technology team aspires to be a leader in applying technology to power business strategies. We connect concepts with solutions to create value and efficiencies for our clients, employees, and communities. Our success is driven by our skilled and diverse team who are passionate about excellence, innovation, and agility.

This role reports to the AVP, Identity & Access Management and ensures a consistent, governed, and risk-based approach to managing both privileged access and broader access management capabilities across the enterprise. The position safeguards the integrity of our access environment by defining, governing, and overseeing how privileged identities, elevated entitlements, and general access controls—including Single Sign-On (SSO) and Multi-Factor Authentication (MFA)—are managed across technology platforms.

The Senior Manager is accountable for the design, governance, implementation, and operation of enterprise privileged access capabilities, as well as the development and centralization of access management services. This includes securing administrative accounts, service and application identities, secrets, elevated entitlements, and building unified SSO and MFA solutions across on-premises, cloud, and application environments.

The incumbent will collaborate with Technology, Security, Risk, and Audit stakeholders to build mature PAM and Access Management services aligned with organizational standards, policies, and IAM priorities. This role provides domain leadership for both privileged and general access capabilities, ensuring services are delivered securely, reliably, and at scale.

The successful candidate will lead initiatives to reduce fragmentation, improve standardization, and drive adoption of centralized PAM and Access Management technologies and practices, supporting the evolution toward a unified, enterprise-wide identity and access management model.

• Leverage deep expertise in Privileged Access Management (PAM), access security, and technical leadership to build, lead, and scale a high‑performing engineering team.
• Balance strategic direction with execution discipline to deliver secure, compliant, and user‑centric privileged access solutions.
• Own the Access Security and Privileged Identity program—including PAM, Single Sign‑On (SSO), and Multi‑Factor Authentication (MFA)—from strategy through implementation and ongoing operations.
• Define and maintain a program roadmap aligned to enterprise IAM strategy, technology standards, and risk appetite.
• Provide technical leadership and oversight for the design, integration, and operation of PAM, SSO, and MFA capabilities across on‑premises, cloud, and application environments.
• Lead efforts to consolidate and modernize fragmented PAM/SSO/MFA tools and processes into standardized, resilient, centrally managed access security services.
• Identify and manage technical risks, service gaps, and technical debt within the Access Security domain.
• Collaborate with Architecture. Security and Technology teams to ensure alignment with enterprise security and technology standards.
• Partner with Infrastructure, Cloud, Application, and business teams to support risk‑based access decisions and secure operational outcomes.
• Provide expert input into enterprise risk, audit, and regulatory activities related to access security.
• Lead and develop technical staff responsible for delivering and operating privileged access and authentication controls.
• Manage vendor relationships and incorporate product roadmaps into planning and delivery.
• Oversee the architecture, design, and implementation of PAM solutions using enterprise‑grade technologies (e.g., Delinea, CyberArk, and other modern PAM platforms).
• Ensure alignment with Zero Trust principles and regulatory frameworks (e.g., OSFI, SOC, NIST).
• Provide technical guidance for integration with identity providers (Entra ID, Okta), SIEM/SOAR, ITSM, DevOps, and cloud platforms.
• Drive operational excellence in PAM lifecycle management, privileged session monitoring, credential vaulting, and access governance.
• Lead design and integration of Secrets Management solutions (e.g., HashiCorp Vault) to secure non‑human identities, service accounts, and application credentials.
• Oversee implementation and governance of Public Key Infrastructure (PKI) for certificate lifecycle management and integration with authentication and PAM systems.
• Lead incident response and remediation activities related to privileged access threats or audit findings.

• You build trusting relationships and provide feedback to enable the successful development of your team and colleagues.
• You foster innovation and continuous improvement with a focus on client experience.
• You facilitate the adoption of change and create a high-performance culture through alignment of your team’s work with organizational goals.
• You successfully convey messages and demonstrate openness to exploring alternative points of view.
• You use critical thinking to guide decision making.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience.
• 10+ years of experience in cybersecurity or IT, with at least 5 years focused on enterprise‑scale PAM programs.
• 3+ years of people leadership or technical leadership experience guiding engineering or architecture teams.
• Expert knowledge of Cloud Security, Identity Governance & Administration (IGA), Privileged Access Management (PAM), Authentication & Authorization, Azure, and Directory Services.
• Deep understanding of IAM frameworks, methodologies, and best practices used in regulated financial institutions.
• Proven hands-on experience administering and managing enterprise PAM platforms (e.g., Delinea, CyberArk, or comparable PAM solutions).
• Demonstrated success leading large-scale PAM deployments, migrations, or modernization initiatives in complex, regulated environments.
• Strong knowledge of regulatory and compliance frameworks including OSFI, PCI-DSS, SOC, NIST, and other industry standards.
• Proficiency in scripting (PowerShell, Python) and experience with PAM platform APIs for automation and integrations.
• Experience with major IAM platforms (e.g., SailPoint, Okta, Delinea) and security ecosystems (SIEM, SOAR, ITSM, DevOps, cloud infrastructures).
• Professional certifications in PAM (e.g., Delinea, CyberArk) preferred.
• Hands-on experience with advanced PAM capabilities: privileged session management, credential vaulting, endpoint privilege management, and just‑in‑time (JIT) / just‑enough‑access (JEA) models.
• Experience with Secrets Management tools (e.g., HashiCorp Vault, CyberArk Conjur, AWS Secrets Manager) for securing non-human and application identities.
• Experience integrating PAM with cloud providers (Azure, AWS, GCP) and DevOps/automation pipelines.
• Strong understanding of PKI, certificate lifecycle management, credential issuance, and integration with authentication and PAM systems.
• Working knowledge of Active Directory, Entra ID, Linux/Windows platforms, and modern authentication standards (FIDO2, OIDC, SAML, passwordless, MFA).
• Relevant cybersecurity certifications (CISSP, CISM, CISA,) preferred.
• Excellent communication, influencing, and stakeholder management skills, including executive-level reporting and presentation experience.

• You will be subject to a Background check as a condition of employment, in the event you are the successful candidate.

• Training and development opportunities to grow your career.
• Flexible work options and paid time off to support your personal and family needs.
• A holistic approach to your well-being, with physical and mental health programs and a supportive workplace culture.
• Paid volunteer days to give back to your community.
• In addition to our competitive salary and incentive programs, eligible employees also benefit from a comprehensive total rewards package including group retirement savings plans, pension and benefits (e.g., health and wellness, dental, disability and life coverage), mental health support and an employee assistance program.

Expected salary range : $114,021 - $164,000+

​The salary amount for the successful candidate is determined by Co-operators in its discretion and will vary depending on several criteria including but not limited to: local market conditions, geography and relevant job-related factors such as knowledge, skills, qualification, experience and education.​​

Employees may also have the opportunity to participate in incentive programs and earn additional compensation tied to individual and/or business performance, or other business metrics.