Security Architect - Senior

Location: Ottawa, ON, Canada
Date Posted: 26-09-2018
RESPONSIBILITIES 
  • Develop solution architectures that accurately translates business requirements to technology and ensures the design will meet business requirements throughout the lifecycle of a change 
  • Collaborate with Architecture Center of Expertise on the solution design to ensure it complies with enterprise architectural & security standards and future roadmaps 
  • For the Solution Architect in the Security or Architecture CoE, participate in SWAT teams and issue resolution as required 
  • Develop security strategy plans and roadmaps based on sound enterprise architecture practices 
  • Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts 
  • Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the CISO 
  • Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM) 
  • Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application 
  • Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC) 
  • Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO 
  • Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable 
  • Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems 
  • Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls 
  • Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics 
  • Providing planning and input into the software engineering and product development process, related to security, sensitive to the constraints and needs of the business 
  • Providing guidance and consultation to individuals and groups to ensure on-going projects and initiatives are in alignment with the corporate security architecture 
  • Providing input and consulting support on large-scale projects and road maps for compatibility with the enterprise’s security standards and policies 
SKILLS 
  • Client Management : can consolidate business requirements and translate them into sound solution architecture 
  • Solution design: familiar with workflow concepts and how they integrate with application solutions in a cross application context 
  • Application development : knowledge of functions, features and facilities of applicable programming languages 
  • Application development concepts: is familiar with developing Service Oriented Architecture (SOA) based services within medium to highly complex application environments 
  • Familiarity with both functional and performance aspects of integration 
  • Domain knowledge: experience in relevant IT domain 
  • Interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers. 
CERTIFICATIONS 
  • Academic : undergraduate degree in engineering, computer science, business, or equivalent (required), Graduate degree in Business Administration (MBA) (Asset) 
  • ISC2's CISSP 
  • ISACA's CISM or CISA 
EXPERIENCE 
  • Minimum 3-5 years’ experience as a Solution, Infrastructure, Business or Data Architect. 
  • Minimum 5-8 years’ experience in progressively advancing roles within IT. 
  • Experience or understanding of the following frameworks: 
  • Payment Card Industry Data Security Standard (PCI-DSS) 
  • NIST Cybersecurity Framework (CSF) 
NICE TO HAVE 
  • Mature perspective on architecture and its role in a dynamic company 
  • Exceptional interpersonal skills in areas such as teamwork, facilitation and negotiation 
  • Excellent understanding of technologies (current and emerging) 
  • Ability to work in a fast-paced agile development environment
DURATION: 6 months plus possible extensions
or
this job portal is powered by CATS