Title: Senior Identity Management Specialist Work Hours: Full-Time (37.5 hours per week) Duration: 16 months (December 31, 2027) Optional Extension: 6 months Security Clearance: Consultant must have the ability to obtain: Secret Status (required) – processed by the CLIENT if selected to hire ) (Consultant must reside in Canada for a minimum of 5 years to be eligible to apply for Bank of Canada Secret Security Clearance.) Work Location: Hybrid (required 12 days on-site per month) Describe: The Bank is willing to accept a Consultant who cannot be on-site for the twelve (12) days per month, however, the Bank will require them to be on-site from time-to-time. The Bank will not be responsible for any travel and living expenses incurred by the Consultant.

JOB DESCRIPTION: The Consultant will be responsible for providing the following Services to the Bank: Under the direction of the Assistant Director, Cyber IAM Access Control: • Design and implement identity solutions leveraging Microsoft Entra ID, including RBAC, Conditional Access Policies, and identity governance capabilities • Implement and integrate secure authentication mechanisms using OAuth2, OpenID Connect, SAML, LDAP, and Kerberos across hybrid environments • Implement and support Privileged Identity Management (PIM) and Just-in-Time (JIT) access models, ensuring least-privilege and segregation of duties • Design and enforce multi-factor authentication strategies, including strong MFA methods and risk-based access policies • Integrate Active Directory and Cloud Identity Services (Entra ID), supporting enterprise authentication patterns • Build and integrate identity capabilities into CI/CD pipelines (Azure DevOps or equivalent), ensuring secure delivery and automation of IAM services • Develop integrations using REST APIs, Microsoft Graph, and identity provisioning patterns (SCIM or equivalent) • Implement and manage service accounts, manage identities, and certificate-based authentication patterns • Leverage Azure services (Key Vault, RBAC, Managed Identities) for secrets and identity security • Contribute to identity patterns for machine identities and AI agent scenarios where applicable • Author technical specifications and implement secure, scalable IAM solutions aligned with enterprise architecture • Provide technical guidance to team members, conduct knowledge transfer, and collaborate with cross-functional stakeholders • Stay current with IAM trends and contribute to evolving enterprise identity strategy • Support the development and maintenance of processes and documentation • Other related activities and deliverables as required

Required Qualifications & Skills: The Consultant should have the following qualifications and skills: • University degree in computer science, engineering, cyber security, or related field • A minimum of seven (7) years in software engineering or DevOps • A minimum of three (3) years in Identity and Access Management • Demonstrated strong expertise in Microsoft Entra ID (Azure AD), including roles, permissions, and identity management concepts • Demonstrated hands-on experience implementing and managing Conditional Access policies • Demonstrated experience with Privileged Identity Management (PIM) and just-in-time access controls • Demonstrated experience with Identity Governance and Administration (IGA) capabilities including access lifecycle and entitlement management • Demonstrated strong understanding and implementation experience with OAuth2, OpenID Connect, SAML, LDAP, and Kerberos authentication protocols • Demonstrated experience implementing multi-factor authentication (MFA) and strong authentication methods in enterprise environments • Demonstrated strong understanding of hybrid identity architectures integrating Active Directory with cloud identity providers • Demonstrated hands-on experience with Azure services including RBAC, Managed Identities, and integration with identity platforms • Demonstrated experience with CI/CD pipelines and DevOps practices, preferably with Azure DevOps or equivalent platforms • Demonstrated experience developing and integrating REST APIs, including Microsoft Graph API • Demonstrated strong experience scripting and automation skills using PowerShell, Python, or JavaScript • Demonstrated experience implementing or managing service accounts, workload identities, or certificate-based authentication • Demonstrated understanding of modern identity security principles including Zero Trust and least privilege access models • Demonstrated ability to produce clear, well-organized, business-consumable documentation • Demonstrated strong analytical and problem-solving skills with the ability to make sound technical decisions • Demonstrated strong communication and stakeholder engagement skills in a cross-functional environment • Demonstrated ability to collaborate effectively within teams and provide technical guidance when required

Additional Qualifications: The following will also be considered: • Demonstrated experience with certificate lifecycle management platforms • Demonstrated experience in public sector or large enterprise environments • Demonstrated Familiarity with identity-based access control solutions in hybrid environments