CyberArk Solutions Architect

retrieval services using CyberArk CP/CCP and Azure Key Vault, and aligning solutions with Zero Trust principles. The ideal consultant brings deep, hands-on expertise across CyberArk components (Vault, CPM, PSM, SIA), Azure PIM, and secure authentication methods such as MFA, FIDO2, and certificate-based authentication. You will collaborate closely with application, infrastructure, enterprise architecture, and cyber security teams to deliver scalable, highly available PAM solutions, define repeatable integration patterns, and support governance and compliance requirements including session isolation, auditing, and recording. This is an opportunity to apply advanced IAM and PAM expertise in a complex banking or government setting, influencing enterprise-wide security architecture while providing thought leadership, documentation, and best practices to strengthen overall security posture.

*** 23 month contract to start ***

*** Fully remote position ***

Advantages
•Work on complex, enterprise-scale PAM initiatives without being location-dependent.
•Enjoy increased flexibility and better work–life balance in a fully remote role.



Responsibilities
•Participate in all phases of the project life cycle to support the design and implementation of PAM modernization and secrets management architecture for internal applications
•Collaborate with application and infrastructure teams to deliver highly available credential retrieval services using CyberArk Credential and Central Credential Provider (CP/CCP) and/or Azure Key Vault
•Act as the primary technical authority and perform planning activities leading to the solution architecture of the Privileged Access Management (PAM) platforms, focusing on CyberArk (Privilege Cloud).
•Analyze the current privileged identity solution environments to identify deficiencies and opportunities for simplification, scalability, and alignment with Zero Trust principles
•Define and document the solution architecture structure and deployment of PAM components for session isolation, auditing, recording, JIT, risk, and secret rotation
•Support secure authentication integration with Microsoft MFA, FIDO2, and certificate-based methods
•Work closely with Subject Matter Experts to confirm the detail design of each solution component and integration among components; as well as coordinate the implementation of the detail design
•Develop and document repeatable integration patterns and architectural reference models for application teams
•Troubleshoot and resolve complex PAM and IAM issues across cross-functional environments in a timely manner
•Provide knowledge transfer, best practices, and recommendations to strengthen PAM and secrets management governance and operational efficiency
•Work with the Enterprise Architecture group to apply standards
•Work with the Cyber Security group to apply Cyber Security standards
•Present and seek approval for proposed design from different governing bodies
•Other related activities and deliverables as required

Qualifications
The Consultant should have the following qualifications and skills:

•University degree or college diploma in Computer Science, Information Security, or a related field
•Minimum of ten (10) years of relevant work experience in Identity and Access Management (IAM) with a focus on Privileged Access and Secrets Management
•Minimum of five (5) years of direct hands-on experience architecting, implementing, and operating CyberArk Privileged Privilege Cloud
•Minimum of five (5) years of direct hands-on experience architecting, implementing, and operating Azure Privileged Identity Management and Azure Key Vaults
•Demonstrated strong expertise across CyberArk components, including Vault, CPM, PSM, SIA, CP/CCP
•Demonstrated experience with CyberArk migration projects (on-prem to cloud, or multi-tenant deployments)
•Demonstrated strong knowledge of secure authentication methods including SAML. OIDC, FIDO2/WebAuthn, and PKI
•Demonstrated strong understanding of privileged session recording, monitoring, and compliance requirements
•Demonstrated ability to design and implement Role-Based Access Control (RBAC) frameworks, particularly for internally developed applications
•Demonstrated strong technical knowledge of containers (Docker/Kubernetes), networking, and web services protocols such as REST and SOAP, as well as API design and integration using JSON/XML
•Ability to produce clear, concise, and business-ready documentation tailored to technical and nontechnical audiences
•Strong analytical and problem-solving skills, combined with effective negotiation and communication skills

Additional Qualifications

The following will also be considered:

•Demonstrated experience with Agile and DevOps
•Demonstrated knowledge of Cyber Security certifications (CISSP, GIAC, etc.)
•Demonstrated experience in the banking industry and/or government organizations
•Demonstrated experience with identity governance and integration with SailPoint or Microsoft Entra ID

Summary
If you're interested in learning more please submit your résumé and one of our senior Recruiters would be happy to give you a call to discuss further.

Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.

Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.

This posting is for existing and upcoming vacancies.