Job Description

Flexiti is one of Canada’s fastest growing fintech lenders. We aim to make our customers’ lives more affordable and help our retail partners grow their sales by offering flexible financing options. Through our award-winning omni-channel platform, customers can be approved instantly to shop with their FlexitiCard®, which they can use online or in-store to make multiple purchases, within their credit limit, without needing to reapply.
At Flexiti, we work hard, we love what we do, and we have some fun along the way! If you are looking for an energizing and innovative work environment with great people and big ideas, we’d love to have you join us!
To learn more about Flexiti, please visit www.flexiti.com
General Description
The Security Architects’s role is to develop and maintain design plans for the overall logical and technical IT security architecture. You will provide technical leadership and consulting expertise across the organization, be responsible for presenting findings and recommendations at all levels within the company to gain commitment for high-level security plans, as well as initiating and participating in projects to evaluate various technologies and methods for successfully implementing those plans. The incumbent will help bring Flexiti’s vision to life; someone who is passionate about assessing and designing enterprise security systems for on premise and cloud platforms. What You Will Do: The Security Architect conducts a broad range of analyses, defines architectures and solutions, and provides technical recommendations with respect to specific IT service delivery functions defined within the Flexiti Security Service Strategy and Service Design categories, including:

• Architecture Management
• Demand Management
• Availability Management
• Architectural Governance

• Implement and Manage the Secure SDLC and ensure that security risk and compliance objectives are addressed. Integrate application security into the development lifecycle
• Provide guidance on Threat Assessment and Response initiatives in alignment with the strategic and operational objectives of the technology organization and the business.
• Designing, developing and overseeing implementation of end-to-end integrated security systems.
• Identifying where change is required (development of a Gap mitigation plan) in order to keep the Security Architecture vital, sustainable and ready to support business capabilities.
• Help define and articulate a strategic roadmap to enable Flexiti`s current and future security needs, based on the IT strategic roadmap and Business strategy.

• Collaborating with end users and senior management to define business requirements in support of complex systems development efforts and to gain buy-in for all technology plans.
• Accountable to engage with the organization and IT team to identify and prioritize continuous improvement in Cyber response capabilities.
• Provide guidance for the delivery of the Cyber Incident Response Program.
• Work with external (Third parties) and internal clients (Internal Audit) to remediate identified gaps.
• Reviewing new and existing IT projects, systems designs and procurement/outsourcing plans for compliance with IT standards and architectural plans.

• 10+ relevant experience, with 5+ years work experience as an Application Security Engineer/Architect.
• Proven experience performing security design reviews for complex applications, including distributed systems, APIs, and services deployed to cloud and on-premises environments
• Fluency with the OWASP Top 10, SANS Top 25 programming errors and other common vulnerabilities and exploit techniques
• Good understanding of application security concepts such as SAST / DAST and cloud security
• Good understanding of the architectural principles of cloud-based platforms including IaaS, PaaS and SaaS. In AWS and Azure.
• Knowledge of compliance requirements for industry-standard certifications like PCI DSS, and SOX
• Proven experience in systems design and development.
• Strong understanding of information processing principles and practices.
• Knowledge of security standards (ISO 27001, NIST 800-53, etc.) frameworks (NIST Cybersecurity, etc.) and regulations (particularly in financials) is preferred.
• Solid knowledge of network technologies, hardware platforms and operating systems.
• Solid understanding of security requirements through entire technology stack.
• Solid Knowledge of current software, protocols and standards.
• Excellent knowledge of hardware and software evaluation principles and practice.
• Strong knowledge of Cyber Simulations, Threat Modelling, Penetration testing, and data privacy practices and laws
• CISSP, CEH, CISM, OSCP, and other certification are preferred.