Law Society of Ontario

Infrastructure & Security Systems Analyst, Identity Access Management, Information Technology, Client & People Services - 24 month contract (Hybrid, Toronto)

Job ID
# Positions
Job Type
Contract Full Time
Years of Experience
Working Arrangement




Reporting to the Manager, Infrastructure & Security, the Infrastructure & Security Systems Analyst, Identity Access Management (IAM) works closely with Information Technology (IT) team members, the Human Resources (HR) department, and other business divisions and departments to support existing and implement new access provisioning systems and processes at the Law Society.


Specifically, the Infrastructure & Security Systems Analyst is responsible for managing the infrastructure and system integrations used to support user access provisioning across a wide variety of systems and applications including on-premises, cloud-based IaaS and SaaS solutions, with a strong focus on the use of the SailPoint Identity & Access Management system and Microsoft Active Directory and Azure Active Directory. The Infrastructure & Security Systems Analyst is also accountable to provide guidance on complex issues in area of expertise. Develops/implements complex solutions and provides input to new approaches.


The Infrastructure & Security Systems Analyst is responsible for the design, operation, maintenance, and enhancement of the Identity & Access Management System (IAM) and addresses all ticketed requests or incidents involving its operation. Works with the Helpdesk and User Support team (specifically the Identity & Access Management Support Analyst), application developers, business teams, and vendors to design, build, configure, implement and maintain an IAM integrated solutions that meet the business needs of the Law Society and are aligned with the corporate IT strategies.


Leads the development and implementation of corporate IAM governance processes, assists with IAM standards adoption, and designs, implements and prepares documentation for all identity provisioning integrations. Analyses user access requirements for new systems, implements changes to the existing access provisioning processes based on business needs. Designs and implements data access certification processes to meet compliance and audit requirements.


Identifies, reports and helps to address gaps in the enterprise data security that can expose organizational data to significant security and compliance risks.




  • A college diploma in information/cyber security or computer science, or equivalent education and/or training.
  • Hold or be working towards a relevant certification, including widely recognized security certifications such as SailPoint IdentityIQ Professional/Engineer, SANS GIAC, CISSP, or CISM, or more specific certifications such as the Certified Identity and Access Manager (CIAM) certification.
  • A minimum of 6 years’ experience in a general information security, Linux and Windows systems administration, beanshell or JAVA development, technical user support or customer service role with at least 3 years’ experience provisioning and de-provisioning access to systems and applications using Active Directory, Azure Active Directory or similar environments.
  • At least 3 years' experience in Office 365 workloads or applications administration.
  • Knowledge of Law Society policies and procedures.
  • Ability to assume responsibility and to interface and communicate effectively with others, especially in communicating technical concepts to a business audience.
  • Excellent customer service skills, whether on the phone, by email, or in person.
  • Strong organization skills, and the ability to organize one’s own workload to ensure that user and stakeholder needs are met while still following all policies and procedures.
  • Strong working Active Directory/Azure Active Directory knowledge and management of user accounts across on-premises and SaaS cloud-based solutions.
  • Experience with AD account creation, password resets, account replication and synchronization, Azure AD group membership, distribution groups and other AD functions.
  • Hands-on experience supporting a modern Identity Access Management system such as (but not limited to) SailPoint IdentityIQ, including design and implementation of new system integrations and provisioning processes.
  • Experience configuring role-based controls in Microsoft Office 365, Microsoft Dynamics 365 CRM/F&O and implementation of role-based access controls.
  • JAVA or beanshell development experience, knowledge of XML, user identity provisioning automation and related technologies.
  • Strong working knowledge of information security best practices and standards, especially as they relate to identity and access management, including role-based access control, federated authentication systems, single sign-on, multi-factor authentication, and SAML.
  • Experience and working knowledge in Identity Lifecycle Management, Application Onboarding, Lifecycle Manager and Workflows, Access Certification, Auditing and Reporting.
  • Thorough understanding of networking, Windows 10 operating system, and Microsoft Office programs (Project, Excel, and Word).
  • Knowledge of HRIS systems would be an asset.




Client / Customer Service Planning


  • Works closely with other IT teams, with the Human Resources (HR) department, and with business divisions and departments to manage user identities (i.e. user accounts) and to monitor and control access provisioning for all the Law Society’s staff (including contractors and temps), vendors, and Licensees.

  • Works closely with HR to support all staff hires, changes, and departures, and consults on a regular basis with Law Society managers in all divisions to ensure that user accounts and roles/rights are accurate, current, and complete.

  • Implements monitoring processes to ensure accuracy of access provisioning and revocation.

  • Designs, establishes, and maintains appropriate and functional documentation related to identity management and access control processes.

  • Analyses user access requirements for new systems, implements changes to the existing access provisioning processes based on business needs.

  • Identifies and reports gaps in the enterprise data security that can expose organizational data to significant security and compliance risks.

  • Leads Identity and Access Management corporate governance processes development and assists with IAM standards adoption.

  • Identifies opportunities for efficiencies in account provisioning process and conducts relevant research, data analysis.

  • Provides insight into the IAM functions across the organization, including areas such as federation, authentication / authorization, single sign-on, account security and identity data provisioning.


Client / Customer Service Delivery


  • Addresses all requests or incidents involving the day-to-day operation of the IAM System, and resolves issues related to provisioning and de-provisioning of access across a variety of IT systems and applications.

  • Provides regular updates and reports on activity related to identity management and access controls.

  • Delivers timely and professional service to Law Society staff and management in compliance with relevant policies, procedures, regulatory requirements, and defined service levels.

  • Plans, schedules and coordinates work to ensure tasks and projects are completed and implemented on time and within budget.

  • Applies IAM system related patches and updates on a regular basis and upgrades administrative tools and utilities as necessary.

  • Performs daily IAM system monitoring, verifying the integrity and availability of the system and key processes, reviewing system and application logs, and verifying completion of scheduled jobs.

  • Configures new integration services and makes changes to IAM related provisioning processes as part of the application onboarding process.

  • Designs, implements, and prepares documentation for all identity provisioning integrations and workflows.


Performance Goals, Targets and Standards

  • Manages the flow of information regarding identity / user account creation and the assignment of access rights.
  • Ensures that the ticketing system is up-to-date with regard to tickets related to user accounts and access rights.
  • Contributes to departmental performance and tracking measures (statistics, reports) and engages in continuous performance improvement (work processes, procedures, and service opportunities) to optimize both individual and team performance.
  • Maintains a high level of accuracy; adheres to defined policies, procedures, and defined access controls; and meets performance and customer service goals.


Financial Responsibility


  • Provides input to the Manager, Infrastructure & Security for preparing, monitoring and analysing the department annual Operating and Capital budget expenditures.
  • Assists the Manager, Infrastructure & Security on purchasing processes related to Identity and Access Management tools and services, and in the implementation of new IAM tools and processes.


Team Membership


  • Informs and coordinates with Helpdesk and User Support team, and the Human Resources Department, regarding potential issues related to identity management and access control.
  • Actively participates with all members of the department team and contacts within and throughout the organization, contributing to the efficient and professional delivery of services.
  • Seeks opportunities to improve and expand work processes.
  • Evaluates and updates team members on project execution.
  • Participates as a member of the IT team as an IAM subject matter expert.



The Law Society has introduced a Distributed Workforce Model to leverage flexibility and agility, and to maximize employee productivity and engagement.  Work arrangements will be determined by role and departmental requirements.  The working arrangement for this position has been classified as hybrid, where the employee will regularly flex their work location between home and office.  The specific application of this will be communicated to applicants contacted during the recruitment process.


The Law Society of Ontario values and respects diversity.  We are committed to creating an accessible, barrier-free and inclusive workplace in compliance with the Accessibility for Ontarians with Disabilities Act (AODA).  Please make any requirement you may have for accommodation during the recruitment process known when contacted.  If you are unable to apply to this position due to the requirement for an accommodation of any kind, please email us at or call 416-947-3438.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed