Senior Identity Management Consultant (ForgeRock On-Premise and Cloud)

at  CGI

We are seeking an experienced Senior Identity Management Specialist with extensive expertise in the ForgeRock Identity and Access Management (IAM) suite, including OpenIDM, OpenAM, and OpenDJ, for both on-premise and cloud environments. The candidate will be responsible for consulting, architecture, design, deployment, customization, fine-tuning, and operations management of ForgeRock IAM solutions, with a focus on user lifecycle management, authentication, authorization, federation, and directory services.
This role requires a deep understanding of identity and access management principles, hands-on experience with ForgeRock’s IAM suite, and the ability to lead and mentor junior resources. The ideal candidate will collaborate across teams to meet business needs and ensure security compliance, particularly within the banking domain.
The role is based in Canada and is in hybrid mode. One is expected to work out of office two days in a week.

YOUR FUTURE DUTIES AND RESPONSIBILITIES

• ForgeRock Identity Management (OpenIDM): Design and implement user lifecycle management solutions, including provisioning, reconciliation, and synchronization of identities.
• ForgeRock Access Management (OpenAM): Configure and manage authentication, authorization, federation, and Single Sign-On (SSO) capabilities.
• ForgeRock Directory Services (OpenDJ): Maintain high-performance directory access and storage to support user identity management.
• ForgeRock Backstage Portal: Utilize the ForgeRock Backstage Portal for support, troubleshooting, and community engagement.
• Custom Scripts and Connectors: Develop custom scripts (JavaScript, Groovy, Shell) and connectors to integrate IAM solutions with various applications and systems.
• System Monitoring and Optimization: Monitor IAM system performance, conduct regular audits, and provide recommendations for optimization.
• Collaboration & Technical Specifications: Collaborate with cross-functional teams to gather business requirements and translate them into IAM technical specifications.
• Security Compliance: Ensure all IAM implementations meet security policies, standards, and compliance requirements, including regular updates and patching.
• Technical Support: Provide troubleshooting and technical support for ForgeRock IAM-related issues and challenges.
• Documentation: Document technical processes, configurations, and procedures to support knowledge sharing, operational consistency, and compliance.

REQUIRED QUALIFICATIONS TO BE SUCCESSFUL IN THIS ROLE

• 10 plus years of experience at minimum
• ForgeRock IAM Suite Expertise: Proven hands-on experience with ForgeRock Identity Management (OpenIDM), Access Management (OpenAM), and Directory Services (OpenDJ).
• IAM Principles & Technologies: Strong understanding of identity lifecycle management, authentication, authorization, federation, and directory services concepts.
• Technical Expertise: Experience with LDAP, SSO, OAuth, SAML, RESTful APIs, and integration with cloud and on-premise applications.
• Scripting: Proficiency in scripting languages such as JavaScript, Groovy, or Shell for custom connector and automation development.
• System Optimization: Strong capability in system performance monitoring, auditing, and providing optimization solutions.
• Platform Integration: Experience integrating IAM solutions with applications like ForgeRock, Okta, and Oracle Identity Gateway.
• ForgeRock Ops: Experience in ForgeRock Ops, including platform troubleshooting, fine-tuning, and operational best practices.
• Certificate Management: Experience in managing digital certificates within IAM solutions.
• Compliance & Security: Knowledge of security policies and standards, particularly within the banking/financial services domain.
• Problem Solving & Communication: Strong analytical skills, attention to detail, and excellent problem-solving abilities.
• Collaboration: Ability to collaborate with cross-functional teams, clients, and stakeholders, translating business requirements into technical implementations.
• Multi-Timezone Support: Flexibility to work across multiple Canadian time zones, ensuring IAM support and leadership for geographically distributed teams.

Preferred Certifications:

• ForgeRock Certified Access Management Specialist
• ForgeRock Certified Identity Management Specialist
• CISSP, CISM, or other relevant security certifications
• LI-AD1