Principal, Identity & Access Management

Toromont CatConcord, ON
CA$91,820 - CA$114,776Remote

About The Position

Toromont Cat is seeking a Principal, Identity & Access Management to join our team. The Principal, IAM leads Toromont’s identity program across all human and non‑human identities. Reporting to the Director, Cybersecurity, this role sets the IAM strategy, architecture, and roadmap to establish identity as a core Zero‑Trust capability across IT and OT/ICS. They drive key IAM capabilities: identity lifecycle and JML automation, SSO/MFA and conditional access, PAM, and IGA rollout while guiding how access is managed securely at scale. The role serves as the enterprise IAM authority, mentors technical teams, partners with risk and audit, and represents IAM in architecture reviews and vendor evaluations.

Requirements

  • 8+ years IAM experience — Strong hands‑on background across core IAM domains.
  • Identity lifecycle & JML — Human and non‑human identity management expertise.
  • IGA platforms — SailPoint, Saviynt, or Entra ID Governance; RBAC, personas, entitlements, access reviews, SoD.
  • PAM tools — CyberArk, BeyondTrust, or Delinea; vaulting, JIT/JEA, session and secrets management.
  • SSO/MFA & federation — SAML, OIDC, OAuth2, SCIM; conditional access (Entra ID/Okta/Duo).
  • Machine/service identity governance — Workload, machine, and service‑account controls, plus AI and agent service‑account governance.
  • Zero Trust — Strong grounding in least‑privilege and identity‑centric security.
  • Audit & compliance — SOC, FSA and access certifications; audit evidence and reporting.

Responsibilities

  • Lead the enterprise IAM strategy, reference architecture, standards, and multi‑year roadmap across IT and OT/ICS.
  • Build and automate lifecycle management for human and non‑human identities (including AI and agent service accounts), with full JML automation and governance.
  • Implement PAM for all privileged accounts with vaulting, JIT/JEA access, session controls, and secrets management.
  • Deploy the IGA platform; define RBAC, personas, entitlements, access workflows, SoD controls, and certification processes.
  • Establish enterprise SSO, MFA, conditional access, and federation standards aligned to Zero Trust.

Benefits

  • Competitive total rewards including: wages, benefits, and premiums (as eligible)
  • An opportunity for flexible work schedules and opportunities across multiple locations, from Manitoba to Newfoundland
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service