Security Engineer

Location: Winnipeg or Toronto

IGM Financial Inc. is one of Canada's leading diversified wealth and asset management companies with approximately $271 billion in total assets under managements. The company provides a broad range of financial planning and investment management services to help more than two million Canadians meet their financial goals. Its activities are carried out principally through IG Wealth Management and Mackenzie Investments

Under IGM Financial's unique business model based on leading brands and multi-channel distribution strategy, we’re IG Wealth Management. For over 90 years of business, we have grown to become one of the largest most respected companies in Canada. We are a leader in providing the best advice, experience and outcomes for our clients, personalized throughout their lifetime.

At IG Wealth Management, our vision is to inspire financial confidence.

This is your opportunity to build a career with a leading organization where you can learn, grow and thrive both professionally and personally. We are proud to be recognized as one of Canada’s Top Employers by Mediacorp Canada Inc. for empowering our employees with the tools to thrive while working remotely, while also providing resources to ensure physical and mental wellness were put front and center.

You will join a team that believes our success starts with the success of our clients, while working together as a team to realize our greatest potential. You will join a team that strives towards excellence while developing and sharing skills and knowledge. You can make a difference for our clients, the world around us and be part of a team that cares. We are dedicated to offering a hybrid work environment when applicable.

IG Wealth Management is a diverse workplace committed to doing business inclusively - this starts with having a representative workforce! We encourage applications from all qualified candidates that represent the diversity present across Canada – including racialized persons, women, Indigenous persons, persons with disabilities, 2SLGBTQIA+ community, gender diverse and neurodiverse individuals, as well as all who may contribute to the further diversification of ideas.

Roles and Responsibilities:

As a member of the Infrastructure delivery team at IGM, you will be joining a highly collaborative group with many years of experience in Security Engineering delivering innovative solutions for both our clients, advisors and employees through the use of insights and cutting edge technology.

This Role will be responsible for leading, implementing, and supporting the security design configurations and plays an integral role in protecting IGM’s digital platforms across multi cloud environments. The role is also responsible for analyzing existing cloud capabilities and controls and creating new and enhanced security solutions. The ideal candidate is passionate about all aspects of Security with strong skills in Zero Trust implementations.

The successful candidate will have the following responsibilities:

• Deep knowledge of Microsoft M365 platform including Azure Active Directory Identity Protection, Microsoft Defender, Exchange Online Protection, Azure Identity Protection, Data Loss Prevention, Sensitivity Labels, Advanced Threat Protection, Microsoft Intune and Conditional Access Policies, etc.
• Hands-on experience in implementing Information and Cyber Security in multi-cloud platforms including GCP, Azure and AWS.
• Hands-on experience with Microsoft Azure platform including Azure Sentinel, Microsoft Cloud App Security, Microsoft 365 Security Centre, Microsoft Security & Compliance Centre, etc.
• Hands-on experience in implementing security hardening in cloud-based systems, network, endpoint and cloud infrastructure
• Build technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Deliver subject matter expertise of Office 365 with emphasis on security, architectural design, migration, management and support of implementations
• Provide overall Office 365 security expertise including strong knowledge of Azure Active Directory, Azure Information Protection, Microsoft Enterprise Mobility + Security, SharePoint and OneDrive Security and related technologies
• Develop and implement the overall AD design based on organizational requirements such as AD forest, domains, organizational unit (OU) structures and Establish trust relationships between domains and forests if required
• Implement and maintain DNS (Domain Name System) for AD, Configure and manage Group Policies to enforce security settings and configurations
• Subject matter expert of Azure AD Zero Trust components implementation – Single Sign-On, Conditional Access (SAML, OAuth, etc.), MFA, Azure AD proxy, device authentication and health validation, least privilege access, etc.
• Strong skills in Microsoft’s advanced security and networking services like ExpressRoute, Key Vault, Active Directory, Sentinel, and DDoS Protection to support dynamic and immutable Azure Cloud infrastructure
• Strong security knowledge and experience in the below areas:
  • Office 365 tenant
  • Exchange Online Protection
  • SharePoint Online
  • OneDrive for Business
  • Intune (Conditional Access \ MDM \ MAM)
  • Clients (Outlook, Outlook for Mac, IMAP, POP3, Mobile Devices)
  • Permissions (Tenant \ Security & Compliance Center \ Exchange Online)
  • Data Loss Prevention, Archiving, eDiscovery and Compliance
  • Strong PowerShell scripting skills
• Strong skills in documenting system configurations, standards and procedures
• Create and update technical project documentation (i.e. technical and configuration runbook, implementation plan, etc.)
• Document detailed design and define technical solutions that consider the enterprise architecture strategies, current state environment and constraints
• Lead and participate in ongoing Office 365 security and strategy discussions
• Identify opportunities for efficiencies by leveraging automation and other techniques
• Prepare change requests, plan and coordinate all implementations for production and non-production environments
• Provides development and L2/L3 production support along with other team members.
• Collaborates effectively with the development teams to work on and assess defects
• Stay current of all things Office 365, including changes and updates, roadmap, releases, and third-party solutions.

In Scope Key Candidate Skills

• Infrastructure as Code
• ATP
• Host and End-point Security
• CASB
• Active Directory and Azure/Entra Active Directory
• GCP
• AWS
• IAM
• PAM
• MFA
• Enterprise and Integrated DLP, Rights Management
• PKI – Internal / External
• Encryption and Key Management including HSM
• Email Security
• Management and Automation Tools
• Configuration Management
• Logging, Monitoring and SIEM tools
• Threat prevention and extraction

The successful candidate will demonstrate the following core competencies and experience:

• 6 + years of hands on working experience in the participation of engineering and design of IaaS/PaaS/SaaS platforms
• Passionate about evangelizing standards around application and infrastructure security
• Strong core foundation experience in fundamental cloud technologies and services
• Education at the bachelor or master level in Computer Science or equivalent technology related experience
• Excellent knowledge and relevant experience in security domains related to Identity and Access Management, Data Security and Loss Prevention, End Point Protection, Cloud security, Vulnerability and Threat Management, etc.
• Strong knowledge of Infrastructure Security (Perimeter Security, Network Solutions, hardening etc.), Security of cloud-based services and applications
• Experienced with security and risk control frameworks related to cloud, including CSA, CIS, NIST, etc.
• Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
• Highly self-motivated, self-directed and attentive to detail
• Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
• Strong desire to implement change and contribute to the organization
• One or more industry recognized information security professional designations (e.g. CISSP, CISA, etc.) is an asset
• Experience with implementing Privileged Access Management products or solutions to large enterprise organizations is an asset
• Knowledge of the Financial Services industry is a definite asset

In addition, the following competencies would be highly valued and considered more favorably:

• Relationship Management:
  • Proven ability to establish and build healthy working relations and partnerships with clients, vendors and peers
  • Possess effective communication and interpersonal skills, and executive presence
  • Highly credible with senior executives while also able to connect and build trust- based relationships with stakeholders at all levels of an organization
  • Gain commitment, trust and support from others and will be able to sell ideas inside and outside the organization
• Influence & Focus:
  • Ability to focus/align the organization around critical initiatives, best practices and guiding principles
  • Exceptional influencing skills and will work transparently and cooperatively with the cross-functional teams, effectively engaging all pertinent stakeholders, both internal and external
• Versatility and Resilience:
  • Able to oversee multiple projects and excel in a complex and evolving portfolio
  • Demonstrate appropriate flexibility in all situations and will be comfortable with ambiguity, while pivoting from macro to micro issues, from shaping the technology, innovation, digital, and strategy agenda through to the day-to- day details of operations and compliance issues
• Integrity:
  • Adhere to the highest standards of personal and professional integrity and will set a positive example for others
• People Management:
  • Provide leadership and effective management of staff
  • Accountable to influence employee commitment to the organization, to the team, and to their job
• Adaptability:
  • Should be flexible and able to adapt to changes or issues that may arise.
• Attention to Detail:
  • Should have a keen eye for detail to ensure that all aspects of the solution are considered, and nothing is overlooked.
• Time Management:
  • Should be able to manage their time effectively to ensure that deadlines are met.
• Determination:
  • The successful candidate will not be afraid to challenge the status quo
  • Exhibit a mindset of creativity, determination, and an energetic drive to succeed
  • Have a proven track record of setting and meeting aggressive goals and action plans, both as an individual and with a team
  
  

Please visit our career page by clicking on the following link: https://www.ig.ca/en/careers

We thank all applicants for their interest in IG Wealth Management; however only those candidates selected for an interview will be contacted.

IG Wealth Management is an accessible employer committed to providing a barrier free recruitment experience. If you require an accommodation or this information in an alternate format at any stage of the recruitment process, please reach out to the Talent Acquisition team who will work with you to meet your needs.

Please apply by April 15, 2024.

#LI-KN1

#LI-Hybrid