Manager, IAM-Governance, Strategy and Optimization
City : Toronto
Category : Technology
Industry : Insurance
Employer : Intact Financial Corporation
Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times.
Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance-led financial rewards at a workplace where you can shape the future, win as a team and grow with us.
Pay at Intact is about much more than just salary.
Flexible work arrangements and a hybrid work model
Possibility to purchase up to 5 extra days off per year
Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Salary range (but not limited to): 128,300 - 156,800
Annual bonus target, based on the base salary, with a potential payout of up to double the target (subject to personal and company performance): 15%
As part of our commitment to Win As A Team, we share our success with employees through our annual bonus plan and Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares.
Our pension offerings provide flexibility and long-term security for our employees beyond their careers. We are one of the few companies offering the opportunity to receive guaranteed income for life via our defined benefit pension plan.
Salary for the candidate will be determined taking into consideration a number of factors including: experience, skills, qualifications, anticipated contribution to role, internal equity, etc. The salary range presented above is based on a 35-hour workweek and would represent a majority of different candidate profiles. However, we encourage candidates who may fall outside of this range to apply as well.
About the role
We are seeking an experienced manager to lead the team responsible for Identity and Access Management (IAM) of our external parties, including authentication and authorization services. You will provide strategic direction, operational leadership, and people management to deliver secure, scalable, and user-friendly identity capabilities for brokers and customers. This role combines product-oriented leadership, modern engineering practices, and strong stakeholder alignment to drive measurable security and business outcomes.
What you’ll do here:
Lead and develop a high-performing team delivering IAM capabilities for brokers, partners, and customers, including coaching, hiring, career development, and performance management.
Build and manage a multi‑year IAM Strategy and Roadmap (authentication, authorization, identity lifecycle), aligned to business priorities, risk reduction, and regulatory requirements.
Own operational effectiveness of IAM platforms and services: manage vendors, SLAs, cost, and integrations; establish reference architectures and patterns for application teams.
Drive platform simplification and modernization (consolidation, vendor rationalization, standards adoption) and cost efficiency without compromising security or user experience.
Evaluate new capabilities; lead POCs and onboarding, in line with the roadmap (e.g., phishing‑resistant MFA, passkeys/WebAuthn, risk‑based authentication, consent management).
Guide squads in backlog management, sprint planning, and iterative delivery; define clear OKRs and KPIs.
Serve as a trusted advisor to product, engineering, security risk, operations, compliance, and business stakeholders; balance conversion and user friction against risk reduction.
Support projects and programs by decomposing complex initiatives into phased deliverables; manage dependencies and risks; provide transparent status and risk reporting up to senior leadership.
Ensure services meet SLOs for availability, performance, and resilience; implement robust observability (metrics, logs, traces), synthetic monitoring, alerting, and runbooks; define on‑call and incident response expectations and lead post‑incident reviews.
Partner with Risk/Compliance to meet financial services regulatory expectations (e.g., SOC 2, ISO 27001, OSFI, and OSC, as applicable); ensure audit readiness and timely findings remediation.
What you bring to the table:
Bachelor’s degree in Computer Science, Information Security, Engineering, or related field; or equivalent experience.
10+ years in information technology with at least 3 years managing technical teams in security or IAM; experience leading cross‑functional initiatives at scale.
3+ years of hands‑on experience with IAM, including modern authentication (OIDC/OAuth2, SAML, FIDO2/WebAuthn/passkeys), token lifecycles, authorization and session management.
Strong understanding of:
IAM concepts: identity lifecycle for customers/partners, federation, RBAC/ABAC, externalized policy engines, provisioning/de‑provisioning, and segregation of duties where applicable.
Security and app delivery: cryptographic protocols/TLS, reverse proxies and CDNs/edge, API security, bot mitigation and fraud signals, OWASP Top 10, and secure SDLC practices.
Platform engineering: Kubernetes and orchestration, infrastructure‑as‑code, CI/CD, feature flags and safe rollout patterns, observability, zero‑trust principles, and DR/BCP for auth systems.
Experience with major IAM solutions is an asset (e.g., IBM Security Verify, Okta/Auth0, ForgeRock, Ping, Azure AD/Entra External ID).
Demonstrated portfolio planning, dependency management, and risk mitigation; proven ability to define and track product and reliability metrics.
Initiative, creativity, and autonomy: proactive in seeking data and stakeholder input, managing expectations, articulating trade‑offs, and driving continuous improvement.
Excellent communication and influence skills, including executive updates and guidance for engineering teams.
Strong ethical principles and understanding of security and privacy by design in customer contexts.
Relevant certifications are an asset (e.g., IAM vendor certs, CISSP, CCSP, cloud, product management).
French is an asset - For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English speaking colleagues across the country.
No Canadian work experience is required; however, candidates must be eligible to work in Canada.
This position will fill an essential role in our team.
We are an equal opportunity employer
At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives.
We encourage applications from individuals who are members of equity-deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community.
As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today.
We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request.
If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.
Learn more about our recruitment process and your candidate journey here.
Please note that Intact does not provide sponsorship or other support for immigration-related matters including but not limited to employer-specific closed work permits. Candidates must be eligible to work in Canada from the anticipated start date and throughout their employment and are solely responsible for maintaining their work eligibility.
If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site.