Sr Security Architect, IT/OT

91246
Toronto
Contract

2-3 days on site, Toronto, ON
Estimated Duration: 12 Months

 

1.0 Description of Assignment
The candidate will reduce Cybersecurity and Privacy risks across the client’s IT and OT environments by defining secure architecture standards and reviewing solution designs to ensure alignment with enterprise requirements. They will guide teams on security controls and designs, identify architectural risks, and recommend improvements to strengthen overall security posture.

The Senior Security Architect will be required to work 7 hours per day (excluding a 1-hour lunch break), Monday to Friday, on site 2-3 days per week at Union Station, 61 Front Street West, Toronto, but may occasionally be required to work from different locations within the City of Toronto.
 

2.0 Skills and Certifications
Mandatory Requirements/Skills/Certifications
  • Hybrid Work – 2 to 3 days in office.
  • University degree in Computer Science, Information Security, Cybersecurity, or a related field
  • Master's degree in Network Security, Cybersecurity, Information Security or related field.
  • 8+ years of relevant Security Architecture experience
  • 5+ years of relevant experience with Cybersecurity Governance and Risk assessments
  • 10+ years of Information Technology experience
  • Demonstrated experience with the development / refresh of Cybersecurity policies, standards and procedures
  • Certified Information Systems Security Professional (CISSP) plus any one of the certifications listed below is required:
      • SABSA Foundation (Sherwood Applied Business Security Architecture)
      • CCSK (Certificate of Cloud Security Knowledge)
      • CCSP (Certified Cloud Security Professional)
      • GICSP (Global Industrial Cyber Security Professional)
      • TOGAF Foundation (The Open Group Architecture Framework)

Other Skills/Certifications

  • Extensive experience with, and in-depth understanding of, networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP, SAMLv2, OAuth, and SSL/TLS.
  • In-depth understanding of the technology stack including network security configuration management (e.g. routers, LANs, WANs, VPNs), endpoints, network segmentation, micro-segmentation, Public Key Infrastructure, certificates, Security Information and Event Management, data loss prevention tools and techniques, endpoint detection and response tools, and Active Directory and domain controller security management, group policies, and security configuration. Familiar with Cyber Asset Attack Surface Management (CAASM).
  • Working knowledge of industry leading frameworks such as NIST 800-82 or IEC 62443 across people, process and technology domains
  • 8-10 years of experience in architecture and hands-on technology implementation across a heterogeneous landscape of technology
  • Experience designing or configuring Data Security Posture Management (DSPM) and Data Loss Prevention (DLP) solutions, including data discovery, classification, and policy enforcement across cloud and hybrid environments.
  • Intimately familiar with the technologies and architecture principles required to secure sophisticated network environments such as: Endpoint Security, DLP, NGFW, Zero Trust, VPN, VLANs, IDS, IPS, ACLs, device authentication, network behavior anomaly detection, SOAR, firewall configuration management, DDoS protection, etc.
  • Experience securing Operational Technology (OT) and IoT environments, including familiarity with IEC 62443 controls, APTA standards, network segmentation between IT/OT domains, and risk-based security architecture for cyber-physical systems.
  • Experience in cloud computing (e.g., infrastructure security, storage security, platforms security and data security)

3.0 Assignment Duties
  1. Provide subject matter expertise to the cybersecurity domain in the areas of email gateway, endpoint detection and response, SIEM, cloud access security broker, IPS, IDS, VPN, Network Security, Zero Trust, API Security, Endpoint Security, Data Security, and Identity and Access Management
  2. Create artefacts – architectural documents, system specifications, policies, standards, guidelines, standard operating procedures, playbooks, and plans in the areas of cybersecurity, disaster recovery, response and recovery
  3. Provide technical direction and architectural solutions for designing and building redundant, highly available infrastructure/cybersecurity solutions
  4. Evaluate and recommend new technologies to enhance security capabilities
  5. Document and address organization’s information security, cybersecurity architecture, and systems security engineering requirements throughout the life cycle
  6. Perform security reviews, identify gaps in security architecture, and develop a security risk & recommendation plan
  7. Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately
  8. Provide relevant solutions regarding vulnerabilities and controls, and implement new security technologies and best practices in the multi-cloud and cloud offering environment
  9. Collaborate with cross-functional teams, such as software development, infrastructure, and operations, to ensure the secure design, development, and deployment of applications and services
  10. Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
  11. Conduct comprehensive security risk assessments of new and existing information systems, networks and infrastructure to identify potential vulnerabilities, threats, and risks. This involves analyzing security controls, performing vulnerability assessments, and evaluating security architecture to determine potential risks
  12. Recommend controls to mitigate security risks identified through the risk assessment process and communicate risk findings that are clear and actionable by relevant stakeholders.

4.0 Deliverables
Key deliverables include:
 
  1. DSPM + DLP solution for at least 500 users
  2. Identity & Access Management platform security architecture
  3. Cybersecurity policies/standards
  4. Support security architecting for both Capital and Operating projects
  5. SIEM upgrade/Migration
  6. SOAR architecture & planning
  7. Enterprise Password Management solution

 

5.0 Written and/or Practical Test: [ ] Yes   [X] No