Current jobs related to Manager, Security, Privileged Access Management - Montreal administrative region - Intact

Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times. Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance‑led financial rewards at a workplace where you can shape the future, win as a team and grow with us. Flexible Work & Benefits Flexible work arrangements and a hybrid work model Possibility to purchase up to 5 extra days off per year Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life) Pay Salary Range (but Not Limited To): 128,300 - 156,800 Annual Bonus Target, Based On The Base Salary, With a Potential Payout Of Up To Double The Target (subject To Personal And Company Performance) 15% As part of our commitment to Win As A Team , we share our success with employees through our annual bonus plan and Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares. Our pension offerings provide flexibility and long‑term security for our employees beyond their careers. We are one of the few companies offering the opportunity to receive guaranteed income for life via our defined benefit pension plan. Salary for the candidate will be determined taking into consideration a number of factors including: experience, skills, qualifications, anticipated contribution to role, internal equity, etc. The salary range presented above is based on a 35‑hour workweek and would represent a majority of different candidate profiles. However, we encourage candidates who may fall outside of this range to apply as well. About The Role We are seeking an experienced PAM Manager to lead our enterprise PAM program. You will own strategy, roadmap, implementation, operations, and continuous improvement across on‑prem, cloud, and hybrid environments. This role includes building and leading a high‑performing team of PAM engineers/analysts, fostering a culture of accountability, growth, and collaboration, and partnering across Security, Infrastructure, Cloud, and Application teams to safeguard privileged identities and secrets. What You’ll Do Here Strategy and Leadership Define and execute the PAM strategy and multi‑year roadmap centered on CyberArk capabilities and integrations. Build, lead, and develop a diverse team of PAM engineers/analysts; set clear objectives, career paths, and development plans. Establish team operating mechanisms: sprint planning, backlog management, on‑call rotations, documentation standards, and runbooks. Promote a culture of psychological safety, continuous learning, and operational excellence; recognize and reward high performance. Champion least‑privilege, zero trust, and secure‑by‑design principles across the organization. People Leadership and Team Development Conduct regular 1:1s, performance reviews, and competency assessments; provide coaching and actionable feedback. Hire, onboard, and retain top talent; define role expectations, skills matrices, and succession plans. Create training roadmaps for CyberArk certifications (Defender/Sentry/Guardian) and cross‑skilling in automation, cloud, and DevOps. Mentor senior engineers to lead initiatives and mentor junior staff; encourage knowledge sharing via guilds, tech talks, and documentation. Drive diversity, equity, and inclusion within the team; ensure fair workload distribution and equitable growth opportunities. Implement capacity planning and resource allocation to balance project delivery, operational support, and innovation time. Program Management and Governance Establish PAM policies, standards, and procedures aligned to NIST, ISO 27001, CIS, and regulatory requirements (e.g., SOX, PCI, HIPAA). Maintain a strong control environment: access governance, periodic access reviews, break‑glass processes, and separation of duties. Define team and program KPIs/OKRs; build dashboards for coverage, rotation SLAs, onboarding velocity, and audit outcomes. Run steering committees and cross‑functional working groups; manage risk, dependencies, and stakeholder expectations. CyberArk Platform Ownership Own end‑to‑end CyberArk lifecycle: design, configuration hardening, onboarding, upgrades/patching, capacity planning, backup/DR, and HA. Oversee onboarding and lifecycle management of privileged accounts, applications, devices to CyberArk PAS. Lead deployment and tuning of PVWA, PSM/PSMP, CPM, PTA/EPM, Conjur/Secrets Manager, AAM, SSH key management, and REST APIs. Implement credential rotation policies, session recording/monitoring, JIT access, ephemeral accounts/elevation, and threat analytics. Ensure integrations with AD/Azure AD, SIEM/SOAR, ITSM, CI/CD, cloud platforms (AWS, Azure, GCP), and enterprise apps. Operations and Incident Response Oversee day‑to‑day operations: vault health, onboarding queues, policy management, break‑glass, and ticket SLAs. Establish on‑call and escalation procedures; build incident playbooks for privileged anomalies and platform disruptions. Collaborate with SecOps/IR for detection, alerting, and response; drive post‑incident reviews and corrective actions. Continuously improve reliability and resilience through automation, testing, and preventive maintenance. Stakeholder Engagement and Influence Partner with Infrastructure, Network, Cloud, DevOps, and Application teams to embed PAM controls early in project lifecycles. Engage Audit, Risk, and Compliance for assessments, remediation, and evidence; communicate risk posture and program progress. Deliver training and enablement for privileged users and admins; create clear, user‑friendly communications to drive adoption. Continuous Improvement and Innovation Evaluate new CyberArk features and adjacent PAM technologies; drive POCs and phased rollouts. Optimize onboarding processes, automation, and self‑service to increase coverage and reduce time‑to‑value. Use data to reduce privileged risk: shadow admin discovery, toxic combination reduction, entitlement rationalization. What You Bring To The Table Education and Experience Bachelor’s in Computer Science, Information Security, or related field; or equivalent experience. 3+ in IAM/PAM or Information Security. 1+ years managing teams and programs. 3+ years hands‑on with CyberArk in enterprise environments. Bilingualism (an asset) - For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English speaking colleagues across the country. No Canadian work experience required however must be eligible to work in Canada. Technical Skills Deep expertise with CyberArk PAS (PVWA, PSM/PSMP, CPM), PTA/EPM, AAM/Conjur/Secrets Manager, API integrations, SSH key management. Strong understanding of Windows/Linux privilege models, AD/Azure AD, Kerberos/LDAP, SSO/MFA, and PKI fundamentals. Experience integrating PAM with SIEM/SOAR, ITSM, ticketing/workflows, and cloud (AWS/Azure/GCP) including IaaS/PaaS/Kubernetes. Scripting/automation proficiency (PowerShell, Python, REST APIs, Terraform/Ansible preferred). Knowledge of session monitoring/recording, credential rotation, JIT access, episodic credentials, and DevOps secrets management. Security and Compliance Familiarity with NIST CSF, NIST 800‑53/63, ISO 27001, CIS Controls, and regulations (SOX, PCI DSS, HIPAA, GDPR). Experience supporting audits, access certifications, evidence collection, and control remediation. Leadership and Soft Skills Proven people leadership: coaching, performance management, conflict resolution, and team motivation. Strong communication: executive reporting, clear documentation, stakeholder influence, and change management. Program/project management: prioritization, risk management, and delivery in matrixed environments. Preferred Certifications CyberArk: Defender, Sentry, Guardian. Security: CISSP, CISM, CCSP. Cloud: AWS/Azure/GCP. ITIL Foundation or equivalent service management. Key Performance Indicators (KPIs) Coverage: percentage of privileged accounts/secrets onboarded to CyberArk. Hygiene: rotation success rate, policy compliance, age of unmanaged credentials. Operations: onboarding SLA adherence, vault health/availability, incident MTTR. Risk Reduction: anomalies detected vs. resolved, reduction in standing privileges, audit findings closed on time. People Leadership: team engagement scores, retention of high performers, time‑to‑productivity for new hires, training/certification completion rates. Adoption: number of integrated platforms/apps, JIT usage vs. standing accounts, self‑service enablement metrics. Ce poste jouera un rôle essentiel au sein de notre équipe. | This position will fill an essential role in our team. We are an equal opportunity employer. At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives. We encourage applications from individuals who are members of equity‑deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community. As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today. We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request. If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs. Learn more about our recruitment process and your candidate journey here. Please note that Intact does not provide sponsorship or other support for immigration‑related matters including but not limited to employer‑specific closed work permits. Candidates must be eligible to work in Canada from the anticipated start date and throughout their employment and are solely responsible for maintaining their work eligibility. If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site. #J-18808-Ljbffr