Job Description

Our client...

A rapidly growing fintech company based out of downtown Toronto, is looking for someone to assist in their continued, large-scale business and technology transformation initiatives.

What's in it for you?

Join a team in expansion mode with an award-winning platform in an industry sector that is experiencing rapid change. Features include a dynamic team and working environment that provides ongoing support with frequent companywide social events and a fully stocked kitchen.

Responsibilities:

Strategy & Planning

• Maintaining an in-depth knowledge of company's strategic business plans.
• Providing architectural consulting expertise, direction, and assistance to Business Systems Analysts, Business Solutions Architects, Infrastructure team, and Application Developers.
• Evaluating and documenting the company's existing security architecture and technology portfolio.
• Identify potential sources of application security risk, prioritizing them based on risk impact.
• Developing and documenting multiple options for revised IT architectures and changes to the technology portfolio, with recommendations for security optimization and cost/benefit analyses for each option.
• Provide guidance on Threat Assessment and Response initiatives in alignment with the strategic and operational objectives of the technology organization and the business.
• Understanding and articulating to key stakeholders how information aspects of the Security Architecture help achieve business strategy.
• Developing, documenting, communicating, and enforcing a technology standards policy.
• Conducting research on emerging technologies in support of infrastructure development efforts and recommending technologies that will increase cost effectiveness and infrastructure flexibility.
• Designing, developing, and overseeing implementation of end-to-end integrated security systems.
• Identifying where change is required (development of a Gap mitigation plan) to keep the Security Architecture vital, sustainable, and ready to support business capabilities.
• Ensuring alignment between different domains of IT architecture.
• Defining the Security Architecture framework to have non-redundant, integrated, cost-effective solutions with a common foundation for all system.
• Help define and articulate a strategic roadmap to enable our client's current and future security needs, based on the IT strategic roadmap and Business strategy.
• Support other domain architects - Address technical architectural issues throughout the construction of a solution to ensure that it remains true to the defined technical solution architecture.

• Collaborating with end users and senior management to define business requirements in support of complex systems development efforts and to gain buy-in for all technology plans.
• Accountable to engage with the organization and IT team to identify and prioritize continuous improvement in Cyber response capabilities.
• Provide guidance for the delivery of the Cyber Incident Response Program.
• Work with external (Third parties) and internal clients (Internal Audit) to remediate identified gaps.
• Reviewing new and existing IT projects, systems designs and procurement/outsourcing plans for compliance with IT standards and architectural plans.
• Providing guidance to junior members of the team.
• Occasional after-hours work required.
• On-Call availability is required.

• University degree in Computer Science, Engineering, Mathematics, or a related disciple.
• Security, infrastructure, and application design certifications preferred.
• CISSP, CEH, CISM, OSCP, and other certification are preferred.

• 10+ relevant experience, with 5+ years' work experience as an Security Engineer/Architect.
• Extensive knowledge in application security principles.
• Good working knowledge application security testing methodology such as SAST & DAST
• Good working knowledge of OWASP standards.
• Working knowledge of application Security tools such as SonarQube and Veracode
• Good understanding of the architectural principles of cloud-based platforms including IaaS, PaaS and SaaS. In AWS and Azure.
• Good understanding of cloud security.
• Hands-on experience with business requirements gathering and analysis.
• Proven experience in systems design and development.
• Strong understanding of information processing principles and practices.
• Working knowledge of security standards (ISO 27001, NIST 800-53, etc.) frameworks (NIST Cybersecurity, etc.) and regulations (particularly in financials) is preferred.
• Solid knowledge of network technologies, hardware platforms and operating systems.
• Solid understanding of security requirements through entire technology stack.
• Solid Knowledge of current software, protocols, and standards.
• Excellent knowledge of hardware and software evaluation principles and practice.
• knowledge of multiple programming languages and development methodologies.
• Knowledge enterprise security practices.
• Proven project planning and management experience.
• Strong knowledge of Cyber Simulations, Threat Modelling, and Penetration testing
• Good knowledge of applicable data privacy practices and laws.
• Exceptional analytical, conceptual, and problem-solving abilities.
• Excellent understanding of the organization's goals and objectives.

• Superior written and oral communication skills.
• Excellent technical architecture and technical support documentation skills.
• Strong interpersonal and consultative skills.
• Ability to conduct research into emerging technologies and trends, standards, and products as required.
• Ability to engage senior executives on offerings, emerging technologies, lead discussions and provide insightful recommendations.
• Ability to present ideas in a user-friendly, non-technical language.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Experience working in a team-oriented, collaborative environment.
• Inherent need to challenge assumptions
• Mentor more junior information security team members
• Ability to work independently with minimum direction in a fast-paced environment as well as collaborate effectively while maintain an "options before obstacles" mindset.