Jobs.ca

Director - CIAM Architecture

Collabera, 2 days ago
Toronto, Ontario
Senior Level
Contract

About the role

Why Join This Role?


  • The client, a Canadian bank, is transforming client identity management to create secure, low-friction experiences across all digital touchpoints.

  • In this high-impact position, you’ll own the end-to-end CIAM architecture strategy, leading the design and implementation of advanced solutions for risk-based authentication, user consent and privacy management, API security, and real-time integration of fraud and threat intelligence signals.

  • You’ll bridge Azure cloud environments with on-premise systems, enabling scalable identity solutions that protect our clients while enhancing usability.

  • This role is ideal for a seasoned architect passionate about cybersecurity, data-driven decision-making, and enterprise governance.

  • You’ll collaborate with cross-functional teams in Digital, Security, Data, and Product to pilot innovative technologies and scale them enterprise-wide.

  • With a balanced work mix of 60% Solution Architecture, 20% Architecture Governance, and 20% Analytics/Intelligence, you’ll have the opportunity to innovate, enforce standards, and derive actionable insights from complex data sets—all while contributing to the bank’s mission of helping its clients achieve their ambitions.


Key Responsibilities:

60% Solution Architecture (Lead Architect Role):

  • As the primary architect for CIAM, you’ll define and continuously evolve our target state architecture, creating reference patterns and multi-year roadmaps that span web, mobile, API, and call-center channels.

  • This includes leveraging Azure technologies such as Microsoft Entra External ID (the successor to Azure AD B2C) alongside on-premise identity services to build hybrid ecosystems.

  • Architect sophisticated risk-based and passwordless authentication workflows, incorporating multi-factor authentication (MFA), FIDO2/WebAuthn standards, device trust signals, and step-up authentication mechanisms. Utilize protocols like OAuth 2.1, OpenID Connect (OIDC), SAML, and SCIM to ensure secure, standards-compliant implementations.

  • Integrate with API gateways, Web Application Firewalls (WAF), Content Delivery Networks (CDN), and fraud detection platforms to fortify our defenses against emerging threats.

  • Design resilient data pipelines that feed threat intelligence and behavioral analytics (e.g., bot scores, device fingerprints, transaction risk scores, and IP reputation data) into policy decision engines and orchestration layers for real-time risk assessment.

  • Develop comprehensive solution dossiers, including non-functional requirements (NFRs), sequence and flow diagrams, data models, integration contracts, adherence to 12-factor app principles, resiliency patterns (e.g., circuit breakers, retries), and detailed migration strategies from legacy IAM systems like Active Directory (AD), AD Federation Services (ADFS), or CA SiteMinder.

  • Foster strong partnerships with Digital, Security, Data, and Product teams to deliver proof-of-concept pilots, iterate based on feedback, and scale solutions across the bank’s diverse lines of business, ensuring alignment with business objectives and regulatory requirements.

20% Architecture Governance (TOGAF-Aligned):

  • You’ll champion governance practices to maintain architectural integrity and promote reusability across the organization, drawing on TOGAF (The Open Group Architecture Framework) methodologies.

  • Lead architecture reviews and Architecture Review Boards (ARBs), enforcing enterprise standards, reusable building blocks, and modeling artifacts using ArchiMate for capability maps and viewpoints.

  • Establish and enforce CIAM guardrails covering critical areas such as API security, secrets and key management, token lifetimes, user consent frameworks, and data retention policies; regularly measure compliance and adherence through audits and metrics.

  • Manage risk and technical debt backlogs, overseeing exception processes, remediation planning, and prioritization to mitigate vulnerabilities.

  • Contribute to strategic investment cases, vendor evaluations (e.g., build vs. buy decisions), licensing models, and total cost of ownership (TCO) analyses to guide technology investments.

20% Analytics & Intelligence:

  • Leverage data analytics to optimize CIAM operations and enhance threat detection, turning raw data into strategic intelligence.

  • Conduct in-depth analysis of large-scale identity and fraud datasets from sources like clickstream data, authentication logs, Security Information and Event Management (SIEM) systems, and data lakes/warehouses to refine policies, minimize unnecessary MFA prompts, and reduce user friction.

  • Operationalize diverse threat intelligence feeds (including structured formats like STIX/TAXII, industry-sharing platforms such as FS-ISAC, commercial sources, and open-source intelligence (OSINT)) into automated detections, risk scoring models, and adaptive security controls.

  • Define and track key performance indicators (KPIs) such as Authenticator Assurance Levels (AAL, as defined in NIST SP 800-63B) achieved per session, false-positive/negative rates of risk decisions, conversion rates, session abandonment metrics, and fraud loss avoidance; develop and publish interactive dashboards and executive insights to inform decision-making.
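The pipeline bullet under Solution Architecture (signals such as bot scores, device fingerprints, transaction risk scores and IP reputation fused into a policy decision engine that drives step-up authentication) and the analytics bullets above (tuning the policy against authentication logs and tracking false-positive/negative rates) describe the same loop. The following Python sketch is an added example written for this page; it is not code from the posting, from Collabera, or from the bank, and the field names, weights, thresholds and sample events are all assumptions chosen to make the loop concrete. It shows one way to fuse the signals into an ALLOW / STEP_UP / DENY decision that honours the assurance level a session has already reached, and then measures the policy over labelled events before thresholds are changed:

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"       # the current session assurance is enough for this request
    STEP_UP = "step_up"   # challenge for a second factor (e.g. FIDO2/WebAuthn) to reach AAL2
    DENY = "deny"         # block the request and open a fraud case


@dataclass(frozen=True)
class AuthSignals:
    """Signals fused into one decision. Field names are assumptions for this example."""
    bot_score: float         # 0.0 (human) .. 1.0 (automation), from the bot-mitigation layer
    device_trusted: bool     # device fingerprint previously bound to this client, not expired
    ip_reputation: str       # "clean" | "suspicious" | "malicious", from the threat-intel feed
    transaction_risk: float  # 0.0 .. 1.0, from the fraud-scoring platform
    aal_achieved: int        # NIST SP 800-63B authenticator assurance already reached (1, 2 or 3)


# Assumed weights and thresholds; in practice these are tuned from authentication logs.
IP_WEIGHT = {"clean": 0.0, "suspicious": 0.25, "malicious": 0.60}
STEP_UP_THRESHOLD = 0.40
DENY_THRESHOLD = 0.85


def risk_score(s: AuthSignals) -> float:
    """Weighted fusion of the raw signals into a single 0..1 risk score."""
    score = 0.40 * s.bot_score + 0.30 * s.transaction_risk + IP_WEIGHT[s.ip_reputation]
    if not s.device_trusted:
        score += 0.20
    return min(score, 1.0)


def decide(s: AuthSignals) -> Decision:
    """Map the fused score to a decision without re-prompting sessions already at AAL2+."""
    if s.ip_reputation == "malicious":
        return Decision.DENY  # hard rule: a known-bad source overrides the weighted score
    score = risk_score(s)
    if score >= DENY_THRESHOLD:
        return Decision.DENY
    if score >= STEP_UP_THRESHOLD and s.aal_achieved < 2:
        return Decision.STEP_UP  # risk justifies AAL2, and the session is not there yet
    return Decision.ALLOW


# Constructed, labelled sample (not real data): signals plus the fraud team's later verdict.
SAMPLE_EVENTS = [
    (AuthSignals(0.05, True, "clean", 0.10, 1), False),        # routine login, ALLOW
    (AuthSignals(0.10, True, "clean", 0.20, 1), False),        # routine login, ALLOW
    (AuthSignals(0.20, False, "clean", 0.30, 1), False),       # new device, still ALLOW
    (AuthSignals(0.15, False, "suspicious", 0.50, 1), False),  # legit but STEP_UP (friction)
    (AuthSignals(0.30, False, "suspicious", 0.40, 2), False),  # already AAL2, so ALLOW
    (AuthSignals(0.90, False, "suspicious", 0.80, 1), True),   # bot-driven fraud, DENY
    (AuthSignals(0.70, False, "malicious", 0.60, 1), True),    # known-bad IP, DENY
    (AuthSignals(0.40, False, "clean", 0.70, 1), True),        # fraud caught by STEP_UP
]


def evaluate_policy(events) -> dict:
    """KPIs the analytics function would track: challenge rate and error rates."""
    total = len(events)
    legit = [s for s, is_fraud in events if not is_fraud]
    fraud = [s for s, is_fraud in events if is_fraud]
    decisions = [decide(s) for s, _ in events]
    return {
        "step_up_rate": sum(d is Decision.STEP_UP for d in decisions) / total,
        "deny_rate": sum(d is Decision.DENY for d in decisions) / total,
        # a legitimate client who was challenged or blocked is a false positive (friction)
        "false_positive_rate": sum(decide(s) is not Decision.ALLOW for s in legit) / len(legit),
        # a fraudulent event that sailed through at AAL1 is a false negative (loss)
        "false_negative_rate": sum(decide(s) is Decision.ALLOW for s in fraud) / len(fraud),
    }


if __name__ == "__main__":
    for signals, is_fraud in SAMPLE_EVENTS:
        print(f"{risk_score(signals):.2f}  fraud={is_fraud!s:5}  -> {decide(signals).value}")
    print(evaluate_policy(SAMPLE_EVENTS))
```

The point of `evaluate_policy` is that lowering `STEP_UP_THRESHOLD` to catch more fraud is only defensible when the false-positive rate it produces on legitimate clients is measured alongside it; the two numbers move against each other, and the dashboard should show both.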

Qualifications and Experience:

Required Experience:

  • CIAM Leadership: 8+ years of hands-on experience designing and leading Customer Identity and Access Management (CIAM) or external identity platforms at enterprise scale, preferably within financial services or regulated industries.

  • Fusion/Intelligence Expertise: 7+ years in cyber fusion, threat intelligence, or data-fusion environments, where you’ve integrated multiple intelligence sources to drive real-time security decisions. ("Fusion" here refers to the integration of cyber, threat, and data signals.)

  • Large-Scale Data Handling: 10+ years working with big data and advanced analytics tools, such as Azure Data Lake, Databricks, Apache Spark, Kafka, and SQL/NoSQL databases, to transform telemetry data into policy-driven actions.

  • Cloud and On-Premise Proficiency: Extensive expertise in Azure services (e.g., Entra External ID/Azure AD B2C, Azure Key Vault, Event Hubs, Azure Functions, App Service) combined with practical experience in on-premise IAM systems.

  • Threat Analytics Skills: Proven track record with SIEM/User and Entity Behavior Analytics (UEBA) tools like Sentinel or Splunk, bot mitigation strategies, device fingerprinting, anomaly detection algorithms, and orchestration of fraud/risk signals.

  • Standards and Security Mastery: Deep knowledge of protocols including OAuth 2.1, OIDC, SAML, SCIM, FIDO2/WebAuthn, JWT/JWE/JWS, and mTLS; strong foundation in NIST SP 800-63 (digital identity assurance levels), PCI DSS, and privacy regulations such as PIPEDA and GDPR as they apply to consent and privacy management.

  • TOGAF Application: Demonstrated practical use of the TOGAF Architecture Development Method (ADM), with experience in ArchiMate modeling (certification is a plus).

  • Leadership Track Record: Experience building and mentoring small architecture teams, influencing director- and VP-level stakeholders, and managing vendor relationships with providers like Okta, Ping Identity, ForgeRock.

Must-Have Skills:

  • Architecting CIAM platforms at scale for web, mobile, and API environments.

  • Integrating Azure (Entra External ID/Azure AD B2C) with hybrid/on-premise identity systems.

  • Implementing risk-based authentication, MFA/passwordless solutions, and consent/preference management.

  • Incorporating threat intelligence feeds (e.g., STIX/TAXII), SIEM integrations, and bot/abuse mitigation techniques.

  • Data engineering and analytics for identity signals using tools like Spark, Databricks, and Kafka.

  • Leading TOGAF-based governance, Architecture Review Boards (ARBs), and creating reference architectures.

  • Proficiency in protocols: OAuth 2.1, OIDC, SAML, SCIM; plus API security and zero-trust patterns.

Nice-to-Have Skills:

  • Experience with anti-fraud platforms such as ThreatMetrix, Arkose Labs, or BioCatch, including device intelligence capabilities.

  • Familiarity with API gateways (e.g., Apigee, Kong, Azure API Management) and WAF/CDN solutions (e.g., Akamai, Cloudflare).

  • Knowledge of client data and privacy technologies, including Client Data Platforms (CDP), Master Data Management (MDM), and Consent Management Platforms (CMP) like OneTrust.

  • Expertise in mobile identity solutions, such as AppAuth/OIDC on devices, certificate pinning, and device attestation.

  • Background in regulated financial institution (FI) environments, with compliance to standards like OSFI guidelines, SOC 2, and ISO 27001.

About Collabera

IT Services and IT Consulting
5,001 to 10,000 employees

In our relentless pursuit of greatness, we are dedicated to developing individuals, creating exceptional teams, and cultivating a unique culture of unity and care. As providers of digital talent solutions, we aim to positively impact businesses and communities globally. We would be honored to be your trusted and uncommon partner on this journey.