IDENTITY AND ACCESS MANAGEMENT ENGINEER

IDENTITY AND ACCESS MANAGEMENT ENGINEER

WINNIPEG, MB

• Competitive salary and benefits package.
• Defined-benefit pension plan.
• Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life and community.
• Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on nature of work, operational requirements and work location.

• Lead the corporate Identity and Access Modernization Program: Lead the selection and development of technology-based tools and/or methodologies to review, design and/or implement products and services to support the modernization of Manitoba Hydro's IAM environment. Deliver IAM modernization roadmap and update policies, standards procedures and requirements for implementation. Identify the requirements to address impact of current decisions related to user access, data access and information security.  
• Lead IAM Modernization Program Implementation: Lead an IAM vendor selection process, evaluate existing and emerging technologies and tools in the selection of an IAM service offering for Manitoba Hydro. Develop procurement, implementation and long-term sustainment strategies including resource requirements to support a modern IAM environment. Coordinate execution of implementation plans to upgrade IAM systems across the corporation. Work with project management and technical resources to support the implantation of the roadmap. Provide ongoing management status reporting to include accomplishments, plans for upcoming activities and overall completion status on a regular basis ensuring all milestones and deliverables are achieved within communicated deadlines.
• Lead corporate IAM strategy and design architecture: Collaborate with IT and OT infrastructure access control designers to develop guidelines, policies, strategy and operating procedures for a modern IAM applications and platforms environment. Balance access with compliance and confidentiality and business requirements, identify and evaluate complex business and technology risks, internal controls to mitigate risks, and related opportunities for internal control improvement. Create corporate guidelines to support the lifecycle management of all IAM technologies and its associated infrastructure working closely with implementation teams in IT and OT. Align IAM processes across the organization and develop and document standards for organizational use of IAM-related technologies.
• Support modern IAM technology, strategy and governance: As a recognized subject-matter-expert on all IAM disciplines, provide design support for identity governance and administration, (IGA), Access Management, (SSO, MFA), privileged access management and identity verification, (ID Proofing, etc.) to access control operations within IT and OT. 
• Support cyber security operations where required: Support cyber event incident response and recovery as part of the Incident Response Team. In the event of a significant cyber security incident, you may be called to support response activities at any time during a 24-hour period to assure Manitoba Hydro system security and reliability.  
• Provide assistance on IAM-related cybersecurity programs including (but not limited to): Threat intelligence, policy management, incident response and disaster recovery, forensic investigation support and application security. 

• Graduate in Engineering from a university of recognized standing, plus a minimum of seven years related experience, including two years related experience in Cyber Security, Operational Technology, or Information Technology Infrastructure support.
• Member in good standing with Engineers Geoscientists Manitoba.
• Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO. Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs and Procedures, CIP infrastructure components and CIP cyber assets. Familiarity with compliance standards, evidence requirements and understanding audits and assessments.
• Identity management familiarity in one or more of the following areas: single sign-on (SSO), data management, identity federation, enterprise directory architecture and design, including directory schema, directory services, namespace and replication topology experience, resource provisioning, ITIL, and process integration. Identity and access governance includes role-based access control, access request and certification, user life cycle management processes, and organizational change management. 
• Experience with administrating authentication technologies, such as Microsoft Active Directory/Windows authentication, OpenLDAP, Shibboleth, SimpleSAMLphp, Kerberos, OpenID Connect, OAuth, SAML, SCIM, Azure AD, and federated identity management. 
• Expert understanding of web security standards, architecture, web security best practices and application security best practices. 
• Certification in Information Assurance Management, Certified Information Systems Security Professional, and/or Certified Information Security Manager is considered an asset.
• Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports, recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across the enterprise at all levels.
• Excellent organizational and interpersonal skills, including facilitation, and negotiation. 
• Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and redesigning work processes. 
• Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
• Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound decisions.
• Possess a valid Province of Manitoba Driver's Licence.
• Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba Hydro policy P513.
• Must complete Manitoba Hydro Standards of Conduct training.
• Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.