Endpoint Architect

s disparités en matière de cybersécurité. Le projet vise à intégrer ces postes critiques dans l'écosystème de gestion unifiée des terminaux (UEM) de l'entreprise en exploitant les licences existantes Microsoft (Intune et SCCM). La transition doit se faire sans aucune interruption des opérations de création de contenu et de diffusion en direct.

Our Client operates across Canada. This company takes all reasonable means to limit the number of positions in Quebec that require knowledge of a language other than French, and only requires this where it is necessary and its existing bilingual employees are unable to fulfil these job duties.
Based on an assessment conducted by our client, it has been determined that this position favors candidates that are fluent in English (oral and written). In particular, this position will require the employee to:
Collaborate and provide support to other colleagues and business functions located outside of Quebec who do not speak French

Advantages
T4 benefits
* 2 sick days (Quebec employment minimum standards)
* 4% cumulative over the year based on hours worked (Quebec employment minimum standards)
* 8 holidays (Quebec employment minimum standards)
* Possibility of adhering to our collective medical insurance after 3 months (CAUTION: no disability and life insurance included/possible). Three levels offered based on RAMQ, which means someone who does not have access to RAMQ cannot adhere.

Employee on Randstad's payroll
* Weekly payments
* Accumulates government withholdings: QPIP, QC and CAN Taxes, QC Pension, EI.
* 8 holidays (according to Quebec Labour Standards Act)
* 2 sick days (Quebec employment minimum standards)
* 4% cumulative over the year based on hours worked (Quebec employment minimum standards) approx. 1 day per month. So between 10 and 12 days per year.
* 8 holidays (Quebec employment minimum standards)
* Insurance: Possibility of adhering to our collective medical insurance after 3 months (CAUTION: no disability and life insurance included/possible). Three levels offered based on RAMQ, which means someone who does not have access to RAMQ cannot adhere. Preferential Randstad rate.
* Flexibility to gain career experience in different fields and companies
* Continue to work and not be unemployed during periods and contexts of constraining employment

Responsibilities
Scope of Work (Responsibilities)

The consultant will act as the Lead Endpoint Architect for technical design and implementation authority for the project. Responsibilities include:

● Discovery and Inventory Profiling: Lead the effort to identify and map currently unmanaged or locally managed media workstations. This includes an exhaustive inventory of hardware (make, model), operating systems, proprietary software, vendor proprietary dependencies/warranties, and the exact purpose of each workstation.
● Analysis and Strategy: Assess the unique media use cases (Radio, Studio, Master Control Room) based on the inventory data and design a tailored Intune and SCCM co-management architecture
● Role-Based Access Control (RBAC) Design & Delegation: Analyze the daily operational requirements of regional maintenance and IT teams. Design and implement a granular RBAC model within Intune and SCCM that provides local teams with the exact permissions needed to manage, support, and troubleshoot media workstations efficiently, without granting unnecessary enterprise-wide administrative rights.
● Third-Party Vendor Collaboration: Liaise with proprietary broadcast software and hardware vendors to validate compatibility, understand support constraints, and ensure that applied security policies do not void vendor warranties or service level agreements.
● Technical Validation (POC & Pilots): Lead rigorous testing and pilot deployments to ensure security and compliance policies (EDR, Defender, updates) have zero negative impact on live broadcast performance.
● Implementation and Regional Rollout: Execute the migration plan by building and configuring the SCCM/Intune environments according to the approved architecture. Oversee and execute the phased enrollment of media workstations across all regions, ensuring seamless operational continuity.
● Documentation Governance: Author detailed architectural documentation and ensure knowledge transfer to regional maintenance teams.
● Change Management Technical Support: Partner with the Project Manager by providing clear technical impact assessments, deployment timelines, and the technical narrative needed to support end-user communications and training materials.
● Strategic Leadership: Act as the technical bridge between corporate cybersecurity standards and the operational requirements of broadcast engineers.

Key Deliverables
1. Equipment Inventory and Profiling Matrix: A detailed registry documenting the current state of media workstations (hardware, specialized software, external vendor requirements, and network connectivity).
2. Media Use-Case Analysis Report: Identification of technical and operational constraints by environment type (air-gapped, latency-sensitive, etc.).
3. RBAC Matrix and Delegation Model: A documented access control framework detailing the specific roles, scope tags, and permissions assigned to regional IT staff within the Intune and SCCM administrative consoles.
4. Detailed Architecture Document (High & Low Level Design): Design of the SCCM/Intune co-management solution adapted for media workstations.
5. Migration and Decommissioning Plan: Strategy for retiring local tools (Ivanti/PDQ Deploy) and integrating into the Microsoft ecosystem.
6. Proof of Concept (POC) and Pilot Testing Report: Validation of configurations in isolated environments prior to general deployment.
7. Configured Production Environment: A fully functional, tested, and secured Intune/SCCM co-management infrastructure configured specifically for media workloads.
8. Completed Regional Rollouts: Successful enrollment of the targeted media workstations into the new UEM platform, followed by the decommissioning of legacy tools (e.g., Ivanti).
9. Operational Documentation (Runbooks): Deployment and maintenance guides for local support teams.

Work Modalities and Logistics
● Work Location: Hybrid model, based out of the Montreal or Toronto offices.
● On-site Presence: In-office presence is required two (2) days per week. (This condition is negotiable and may vary depending on critical project phases).
● Travel: The consultant may be required to travel occasionally across the country based on deployment needs or local infrastructure analysis.

Governance and Reporting
● Reporting Structure: The consultant will report directly to Mathieu Leboeuf, Senior Manager, Endpoint Technology.
● Operational Tracking: Weekly status meetings will be established to evaluate project progress.

Qualifications
Qualifications required :
● Education: University degree, or college diploma, in the field of computer science or an equivalent combination of education and relevant experience.
● Experience: 7+ years in a technical leadership or systems architect role, with a demonstrated focus on enterprise endpoint technologies.
● Technological Expertise: Deep, hands-on technical working experience with Microsoft Intune, SCCM, Autopilot, Active Directory, Azure/Entra ID, and Group Policy Management (GPO).
● Automation: Strong knowledge of scripting languages (PowerShell, Bash) for automation and non-intrusive policy deployment.
● Soft Skills & Leadership: Strong communication, collaboration, and leadership abilities, specifically in managing technical change with specialized stakeholders. Excellent problem-solving, analytical, and troubleshooting skills. Highly self-motivated, directed, and able to exercise sound judgment, work independently, and take initiative.
● Critical Context: Sensitivity to, or direct experience with, high-availability, mission-critical, or broadcast/media IT environments where system interruption is not an option.
● Assets:
● Experience with legacy deployment and management tools (such as Ivanti or PDQ Deploy).
● Bilingualism (French/English).
● Specific knowledge of broadcast or media IT production environments and proprietary media software/hardware constraints.

Summary
Architecte Endpoint
● Experience level: +7 ans d'expérience
● Requis linguistiques: bilinguisme (français/anglais)
● Localisation: Régions de Montréal ou Toronto
* Présence au bureau: deux (2) jours sur site ou plus selon les exigences du projet
* Fréquence au bureau: Mode hybride
● Exigences de voyage: Oui et des déplacements entre Montréal, Toronto et certaines régions au Canada.
●Durée du mandat: 1 an
● Option(s) de renouvellement: 1 option de 8.5 mois (approximatif) .
● Horaire: 40 heures par semaine/ 8 heures par jour
● Date de début désirée: Dès que possible

Engagement Objectives

● Standardization: Integrate media workstations into Intune and SCCM to align them with enterprise standards.
● Security: Apply centralized security, configuration, and compliance policies tailored to media environments.
● Operational Efficiency: Reduce the manual management burden on local teams and retire legacy management tools (e.g., Ivanti).
● Optimized Deployment: Reduce media workstation deployment and imaging time through automation and image standardization.

Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.

Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.