Title: Cybersecurity Architect
Location: North York, ON (3 days onsite per week)
Key points:
The primary focus is on developing design patterns for product squads, with a strong emphasis on cybersecurity. This involves establishing and managing a comprehensive cybersecurity roadmap and program.
- Currently, there is a lack of a documented security capability model, which needs to be addressed.
- The infrastructure must have a clear and defined path for enhancing security capabilities.
- With the recent establishment of a product operating model, maintaining a robust cybersecurity posture is crucial.
- This role will involve some internal processes and expectations, but the main emphasis will be on strategic planning, building, and executing cybersecurity initiatives.
- The position requires collaboration with a diverse range of stakeholders, both within the organization and externally. CISSP certification is preferred.
Summary:
We are ready to take this game to the next level and need a passionate Cybersecurity Architect who proactively and holistically identifies and leads the development of Enterprise Cybersecurity transformation and optimization initiatives and is accountable for the creation of the Enterprise Cybersecurity Architecture and Roadmap. Development of the Enterprise Security Architecture and Roadmap includes architectural views, business capability maps, reference models, technology blueprints and Cybersecurity patterns.
WHAT YOU NEED:
Experience:
- Minimum ten (10) years of experience in progressively advancing roles within Technology or a related function
- Minimum five (5) years of Security Architect experience.
- Minimum ten (10) years of experience as an Enterprise Architect or related role
- Proven experience in developing and implementing business and application architectures within a technology function of an organization
Education & Knowledge:
- Post-secondary degree, preferably in information technology, cybersecurity or a related field
- Has a proven understanding of enterprise architecture and can apply this in the development of new architecture systems
- Advanced Certification in Security (CISSP), Risk Management (CRISC) and/or Certified Information Security Manager (CISM) and/or other security certifications
- Knowledge and experience with industry standards including PCI DSS, ISO 27001, SOC2, and NIST framework.
- Knowledge of tools, techniques and processes around information security architecture, technologies, security management, security administration, data privacy, computer forensics, digital forensics tools, penetration testing, business continuity planning, vulnerability assessment, firewall management, network and internet security and computer network defense
- Knowledge of architecture development methodology (ADM) and TOGAF is preferred (Zachman, and others will be considered)
- Knowledge of information technology environments, including information cybersecurity, encryption methods and privacy-based solutions
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
- Verifiable experience reviewing application code for security vulnerabilities and experience with vulnerability management tools.
- Experience securing CI/CD pipelines and automation systems
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
- Full-stack knowledge of IT infrastructure (Applications, Databases, Operating systems — Windows, Unix, Linux and OpenVMS, Virtualization Hypervisors, IP networks — WAN and LAN, Storage networks, Containers - Docker/Kubernetes)
- Direct experience designing IAM technologies and services