Title: Security Architect - Intermediate
Location: Toronto, ON (Hybrid)
Duration: 10-12 Months Contract with possible extension
Job Description
Responsibilities:
Define, evaluate, and assess security architecture requirements for systems environments and IT projects.
Conduct Threat Risk Assessment for SaaS, PaaS, IaaS and on-prem applications.
Conduct risk assessments to identify security risks related to AI technologies and assess their impact on the organization.
Communicate security risks and mitigation strategies effectively to stakeholders, ensuring transparency and collaboration.
Develop technical architecture, framework, and strategies to meet the business and application requirements.
Advise on the identification, analysis, and resolution of specific security factors, risks, and vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
Analyze and evaluate alternative security technology solutions to meet business problems.
General Skills:
Strong understanding and expertise in security architecture.
Knowledge of techniques to secure information assets and implementation of security technologies.
Experience in Threat Risk Assessment methods and understanding of Information Management principles, concepts, policies, and practices.
Proven techniques to identify gaps or weaknesses in security architecture to mitigate known security threats or inherent weaknesses.
Solid knowledge of current security and contingency technology and techniques.
Experience in digital signature, encryption, access controls, firewalls, authentication, virus protection, etc., and a proven working knowledge of security audit procedures and protocols.
Experience in developing enterprise architecture deliverables (e.g., models).
Knowledge of risk management frameworks, industry best practices, and security policy creation.
Desirable Skills:
Experience in developing enterprise architecture deliverables (e.g., models) based on Ontario Government Enterprise Architecture processes and practices.
Knowledgeable in OT security publications and models such as NIST 800-82 and Purdue Model.
Knowledge of ICS, SCADA, or OT Systems Certification or Training.
Must have:
Six (6) to eight (8) years’ experience working in a security architect or similar role.
Knowledge of regulatory and assurance compliance requirements including ISF SOGP, NIST, SSAE16/18 (SOC 1, 2, 3), PCI DSS 3.2+, and Data Privacy.
Experience with risk assessment methodology (ISF IRAM, NIST).
6-8 years' experience in designing security architecture for information technology and operational technology.
6-8 years' experience in reviewing system security measures and able to recommend/design/architect missing security controls.
6-8 years' experience in implementing zero trust architecture.
6-8 years' experience in NIST, SOC, SSAE 18, PCI framework.
6-8 years' experience in designing security controls for SaaS, PaaS, and IaaS.
Experience in security tools, frameworks, and technologies relevant to AI systems.