Secret clearance required (must reside in Canada 10+ years to be eligible)
Your future duties and responsibilities:. Participate in all phases of the project life cycle to support the design and implementation of PAM modernization and secrets management architecture for internal applications.
. Collaborate with application and infrastructure peers to deliver highly available credential retrieval services using CyberArk Credential and Central Credential Provider (CP/CCP) and/or Azure Key Vault.
. Act as the primary technical authority and perform planning activities leading to the solution architecture of the client's Privileged Access Management (PAM) platforms, focusing on CyberArk (Privilege Cloud).
. Analyze the current privileged identity solution environments to identify deficiencies and opportunities for simplification, scalability, and alignment with Zero Trust principles.
. Define and document the solution architecture structure and deployment of PAM components for session isolation, auditing, recording, JIT, risk, and secret rotation.
. Support secure authentication integration with Microsoft MFA, FIDO2, and certificate-based methods.
. Work closely with Subject Matter Experts to confirm the detail design of each solution component and integration among components; as well as coordinate the implementation of the detail design
. Develop and document repeatable integration patterns and architectural reference models for application teams.
. Troubleshoot and resolve complex PAM and IAM issues across cross-functional environments in a timely manner.
. Provide knowledge transfer, best practices, and recommendations to strengthen PAM and secrets management governance and operational efficiency.
. Work with the client's Enterprise Architecture group to apply client standards
. Work with the client's Cyber Security group to apply client Cyber Security standards
. Present and seek approval for proposed design from the client's different governing bodies
. Other related activities and deliverables as required.
. University degree or college diploma in Computer Science, Information Security, or a related field.
. Minimum of ten (10) years of relevant work experience in Identity and Access Management (IAM) with a focus on Privileged Access and Secrets Management.
. Minimum of five (5) years of direct hands-on experience architecting, implementing, and operating CyberArk Privileged Privilege Cloud.
. Minimum of five (5) years of direct hands-on experience architecting, implementing, and operating Azure Privileged Identity Management and Azure Key Vaults.
. Demonstrated expertise with CyberArk components, including Vault, CPM, PSM, SIA, CP/CCP.
. Demonstrated experience with CyberArk migration projects (on-prem to cloud, or multi-tenant deployments).
. Strong knowledge of secure authentication methods including SAML. OIDC, FIDO2/WebAuthn, and PKI.
. Strong understanding of privileged session recording, monitoring, and compliance requirements.
. Demonstrated ability to design and implement Role-Based Access Control (RBAC) frameworks, particularly for internally developed applications.
. Strong technical knowledge of containers (Docker/Kubernetes), networking, and web services protocols such as REST and SOAP, as well as API design and integration using JSON/XML.
. Ability to produce clear, concise, and business-ready documentation tailored to technical and non-technical audiences.
. Strong analytical and problem-solving skills, combined with effective negotiation and communication skills.
Additional Skills – Nice to have
. Demonstrated experience with Agile and DevOps
. Demonstrated knowledge of Cyber Security certifications (CISSP, GIAC, etc.)
. Demonstrated experience in the banking industry and/or government organizations
. Experience with identity governance and integration with SailPoint or Microsoft Entra ID.
CGI is providing a reasonable estimate of the pay range for this role. The determination of this range includes factors such as skill set level, geographic market, experience and training, and licenses and certifications. Compensation decisions depend on the facts and circumstances of each case. A reasonable estimate of the current range is $105,000–$155,000. This role is an existing vacancy.
#LI-KM1
Use of the term ‘architect’ in this job posting refers to the technical sense related to Information Technology (IT) and does not imply that the individual practices architecture or possesses the requisite license as prescribed by the applicable provincial or territorial architect regulator. We are seeking individuals with expertise in IT architect-related functions, but licensure from an architect regulator is not a prerequisite for this position. Architecture is a regulated profession in Canada which is restricted in terms of use of titles and designation.
Skills: Data MigrationEnglishIdentity and Access Mgt (IAM)French What you can expect from us:Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.
To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our team—one of the largest IT and business consulting services firms in the world.