Principal IAM Engineer

About us:

Peoples Group is a boutique financial institution with offices located in Vancouver, Calgary, Toronto, and Montreal that has been in the Canadian marketplace for over 35 years. Our mission is to exceed our customers' expectations by providing exceptional customer service backed by extensive product knowledge and experience.

Our culture here at Peoples Group is formed by our values: Trustworthy, Creative, Willing. We believe people don't choose a company to work for, they choose a company to join. We prioritize risk-based practices and procedures in order to remain risk intelligent and compliant. We value people, building relationships, and focusing on strengths; we execute with passion.

About the work environment:

Peoples Group offers a flexible and hybrid work environment. In this role, you will work a combination of in-office and remotely from home. Typically, you'll work regular business hours, Monday through Friday, between 8:00 a.m. and 4:30 p.m., with flexibility around start/end times.

We are hiring for this position out of Toronto and Vancouver. Successful candidates who apply outside of these areas will be expected to relocate and reside in a location that is within a commutable distance.

The role requires the candidate to participate in on-call, acting as an escalation path for critical incidents.

About you:

You are seeking a highly skilled Principal IAM Engineer who will drive the design, implementation, and management of our Customer Identity and Access Management (CIAM) platform with a focus on Auth0 in a greenfield environment. You will play a dual role, leading IAM architecture while also handling engineering and implementation tasks.

This role is pivotal in building our next-generation identity and access management (IAM) framework, ensuring seamless, secure, and scalable authentication and authorization for millions of customers.

About the day-to-day:

Architectural Responsibilities:

• Help create and lead the implementationof an enterprise-gradeCIAM solution using Auth0, ensuring best practices in identity security, scalability, and compliance.
• Assist in definingauthentication and authorization architectures, includingOAuth2, OIDC, JWT, SAML, andadaptive authentication strategies.
• Assist with IAM governance, security policies, and integration models forAuth0 & Microsoft Entra ID (Azure AD).
• Help the AVP develop anidentity roadmap, ensuring alignment withZero Trust principlesand future business needs.
• Collaborate withSecurity, DevOps, Engineering, and Product Teamsto align IAM strategy with application security.

Engineering Responsibilities:

• Build, configure, and optimizeAuth0 tenant(s), including identity providers, user management, rules, hooks, and authentication flows.
• Develop and maintaincustom authentication and authorization policies, includingRBAC, ABAC, and Just-In-Time (JIT) provisioning.
• IntegrateAuth0 with customer-facing applications(web, mobile, API gateways) usingOAuth2, OIDC, and API security best practices.
• ImplementMulti-Factor Authentication (MFA), Passwordless Authentication, and risk-based authentication.
• DeployMicrosoft Entra ID (Azure AD)integrations for enterprise IAM needs, including B2B and B2E scenarios as needed.
• Help develop automation and infrastructure-as-code (IaC) for IAM usingTerraform and PowerShell.
• Establish and maintainIAM monitoring, logging, and anomaly detectionusing Auth0 logs, SIEM integration, and UEBA tools.

About the qualifications:

• 7+ years of relevant experience in IT.
• Deep expertise in Auth0, including tenant configuration, authentication pipelines, custom rules, and extensibility.
• Strong knowledge of OAuth2, OpenID Connect (OIDC), JWT, and API security.
• Experience with Microsoft Entra ID (Azure AD), including Conditional Access, B2B, SCIM provisioning.
• Experience assisting developers integrate IAM with customer applications (React, Angular, Node.js, .NET, etc.).
• Understanding of Zero Trust security models, adaptive authentication, and least privilege access.
• Experience with SIEM integration (Azure Sentinel) for identity threat detection.
• Experience withCI/CD pipelines (GitHub Actions, GitLab CI/CD)for IAM automation.
• Proficiency in IAM automation using Terraform and PowerShell.
• Experience withWebAuthn, FIDO2, Passkeys, and Passwordless authentication.
• Familiarity withcustomer identity analytics, fraud detection, and identity risk scoring (e.g., Auth0 Attack Protection, UEBA tools).
• IAM-relatedcertifications(e.g., Auth0 Certified Expert, Azure Security Engineer, Certified Identity and Access Manager - CIAM).
• Bachelor's degree in engineering, computer science or a related,

Compensation:

Peoples Group is pleased to offer employees a competitive annual salary plus a discretionary profit share opportunity. In addition, we are pleased to offer employees both group benefits and the option to participate in our RRSP matching program, beginning the first day of employment. Salary for this position will vary between $150,000 to 170,000 per year depending on the knowledge, skills, abilities and experience that the chosen candidate possesses. As part of our recruiting process, shortlisted candidates will be asked their salary expectations for this position.

Help us get to know you better by answering our application questions! Your participation is expected as an essential part of our selection process.

NOTE: This job posting is for an existing vacancy. Peoples Group is an Equal Employment Opportunity employer. Please accept our utmost appreciation for your interest; however, only those applicants under consideration will be contacted.