Identity Core Manager
- Type:
- Full Time
- Location(s):
- Montréal Quebec
- Toronto Ontario
- Date Posted:
- Job ID:
- R151184
Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times.
Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance-led financial rewards at a workplace where you can shape the future, win as a team and grow with us.
Pay at Intact is about much more than just salary.
Flexible work arrangements and a hybrid work model
Possibility to purchase up to 5 extra days off per year
Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Salary range (but not limited to):
128,300 - 156,800Annual bonus target, based on the base salary, with a potential payout of up to double the target (subject to personal and company performance):
15%As part of our commitment to Win As A Team, we share our success with employees through our annual bonus plan and Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares.
Our pension offerings provide flexibility and long-term security for our employees beyond their careers. We are one of the few companies offering the opportunity to receive guaranteed income for life via our defined benefit pension plan.
Salary for the candidate will be determined taking into consideration a number of factors including: experience, skills, qualifications, anticipated contribution to role, internal equity, etc. The salary range presented above is based on a 35-hour workweek and would represent a majority of different candidate profiles. However, we encourage candidates who may fall outside of this range to apply as well.
About the role
We’re looking for an Identity Core Manager to lead our enterprise identity and access management using SailPoint IdentityIQ, integrated with Active Directory, Entra ID (Azure AD), and a wide range of apps.
You will own strategy, architecture, delivery, operations, and continuous improvement of core IAM services including identity lifecycle, access provisioning, role modeling, certification, and policy enforcement. You will manage a team of identity engineers/analysts, partner with Security, Infrastructure, Cloud, and Application teams, and ensure identities and entitlements are governed in line with best practices and regulatory requirements.
What you'll do here:
Strategy and Leadership
Define and execute the identity core strategy and multi-year roadmap centered on SailPoint IIQ and integrations with AD/Entra ID and key business apps.
Build, lead, and develop a high-performing team; set clear objectives, career paths, and development plans.
Champion least privilege, zero trust, and standardized identity lifecycle (joiner-mover-leaver) across the enterprise.
Identity Governance and Administration (IGA) Ownership
Own the SailPoint IIQ platform lifecycle: architecture/design, deployment, configuration hardening, upgrades/patching, performance tuning, backup/DR, and HA.
Implement and optimize identity lifecycle processes (JML), automated provisioning/deprovisioning, and access requests/approvals.
Design and manage role-based and attribute-based access models (RBAC/ABAC), birthright access, SoD policies, and policy enforcement controls.
Lead access certification campaigns, remediation workflows, and attestation evidence for audits.
Develop connectors/integrations for AD/Entra ID, HRIS, ERP, CRM, ITSM, data platforms, and custom applications using SailPoint adapters and REST.
Establish data quality standards for identity attributes; drive authoritative source alignment and identity correlation rules.
Directory and Cloud Identity Integration
Ensure robust integrations with AD and Entra ID: group/role synchronization, dynamic groups, conditional access, MFA/SSO alignment, and privileged identity handoffs to PAM.
Coordinate federation/SSO (SAML/OIDC) strategies and entitlement synchronization between IIQ and IdP/SSO platforms.
Partner with Cloud/DevOps to support modern workloads (Azure, AWS, GCP, containers/Kubernetes) with standardized identity patterns.
Operations and Reliability
Oversee day-to-day operations: queue management, provisioning SLAs, connector health, certification schedules, and incident response.
Establish on-call rotations, escalation paths, and runbooks; drive root-cause analysis and corrective actions for identity service disruptions.
Automate routine tasks and quality checks; implement monitoring/alerting, capacity planning, and performance management.
People Leadership and Team Development
Conduct regular 1:1s, performance reviews, and competency assessments; provide coaching and actionable feedback.
Hire, onboard, and retain top talent; define role expectations, skills matrices, and succession plans.
Create training paths for SailPoint (IIQ development/config), directory services, and integration engineering; encourage certifications and knowledge sharing.
Foster psychological safety, collaboration, and continuous learning; recognize and reward high performance.
Governance, Risk, and Compliance
Align policies and controls to NIST, ISO 27001, CIS, and applicable regulations (SOX, PCI DSS, HIPAA, GDPR).
Partner with Audit/Risk to plan and execute certifications, SoD testing, access reviews, and evidence collection.
Drive remediation of audit findings, toxic combinations, orphaned accounts, and excessive entitlements.
Stakeholder Engagement and Change Management
Partner with HR, Application Owners, and Business Units to embed identity controls early in project lifecycles.
Lead steering committees and working groups; communicate program status, risk posture, and outcomes to executives.
Deliver user enablement: documentation, training, and clear communications for requesters, approvers, and certifiers.
Continuous Improvement and Innovation
Evaluate and implement new IIQ features/modules, cloud-native capabilities, and integration patterns.
Optimize role mining, identity data quality, and request/approval UX; increase automation and reduce manual interventions.
Use metrics to drive risk reduction: dormant accounts, excessive privileges, certification completion and accuracy, and time-to-provision.
What you bring to the table:
Education and Experience
Bachelor’s degree in Computer Science, Information Security, or related field; or equivalent experience.
3+years in IAM/IGA roles, with 1+ years managing teams and programs.
2+ years hands-on with SailPoint IdentityIQ (design, development, configuration, operations) in enterprise environments.
Technical Skills
Strong expertise with SailPoint IIQ: workflows, provisioning policies, certifications, roles/entitlements, SoD, plugins, rules, and connectors.
Proficiency in AD/Entra ID administration and integration; understanding of LDAP/Kerberos, group policy, conditional access, and MFA/SSO.
Experience integrating IIQ with HR systems, major enterprise apps (ERP/CRM), custom apps via REST/SOAP/DB connectors, and ITSM (ServiceNow).
Development/automation skills: Java (IIQ rules/workflows), Beanshell, SQL, REST APIs, PowerShell/Python for connectors and operational tooling.
Knowledge of SAML/OIDC/OAuth, SCIM, RBAC/ABAC, identity correlation, and authoritative source modeling.
Security and Compliance
Familiarity with NIST CSF, NIST 800-53, ISO 27001, CIS Controls, and regulations (SOX, PCI DSS, HIPAA, GDPR).
Demonstrated experience with certifications, SoD analysis, and audit support.
Leadership and Soft Skills
Proven people leadership: coaching, performance management, conflict resolution, and cross-functional influence.
Excellent communication: executive reporting, clear documentation, stakeholder engagement, and change management.
Strong program/project management: prioritization, dependency/risk management, and delivery in matrixed environments.
Preferred Certifications
SailPoint (IdentityIQ Engineer/Architect), Microsoft (Azure/Entra), Security (CISSP, CISM), ITIL Foundation.
#LI-Hybrid
Ce poste jouera un rôle essentiel au sein de notre équipe. | This position will fill an essential role in our team.
We are an equal opportunity employer
At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives.
We encourage applications from individuals who are members of equity-deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community.
As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today.
We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request.
If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.
Learn more about our recruitment process and your candidate journey here.
Please note that Intact does not provide sponsorship or other support for immigration-related matters including but not limited to employer-specific closed work permits. Candidates must be eligible to work in Canada from the anticipated start date and throughout their employment and are solely responsible for maintaining their work eligibility.
If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site.