Cyber Security Solutions Architect- #26-14968

Contract Duration: 16 Months
 
Job Description:

• Provide cyber security and technology risk advisory services to support Bank objectives 
• Assess current and target state architectures (cloud and on-prem) to support secure, compliant, and risk-based technology delivery 
• Identify and assess security risks, vulnerabilities, and control gaps across applications, infrastructure, and emerging technologies (including AI-enabled solutions)
• Develop and maintain security standards, policies, and control requirements aligned with Bank frameworks and industry best practices 
• Define and promote secure design patterns, reference architectures, and reusable security artifacts across platforms and development lifecycles 
• Support secure configuration, governance, and compliance for cloud, applications, and DevSecOps pipelines 
• Facilitate and support threat modelling activities across applications, platforms, and AI-enabled solutions to identify threats, attack vectors, and control weaknesses 
• Enhance application security and DevSecOps practices, including secure SDLC, code scanning, and pipeline security controls
• Contribute to vulnerability management practices, including identification, triage, prioritization, and remediation guidance across systems and applications
• Advise on technology risk, vulnerability management, and security testing (e.g., SAST, DAST, container and dependency scanning)
• Support and contribute to the integration of AI into security practices, where applicable (e.g., vulnerability discovery, risk prioritization, and security analysis), including assessing risks associated with AI adoption 
• Translate technical security risks into business impact and provide clear, risk-based treatment recommendations 
• Produce executive-ready documentation, reporting, and artifacts for stakeholders, governance forums, and leadership 
• Support implementation planning, prioritization, and adoption of security controls and risk mitigation strategies 
• Provide subject-matter expertise, workshops, and knowledge transfer across development, platform, and business teams 
• Perform other related duties and deliverables as required

• University Degree or College Diploma in computer science, information security, engineering, or a related field 
• A minimum of five (5) years of recent demonstrated experience in information technology or cyber security
• A minimum of three (3) years of recent demonstrated experience as a Cyber Security Architect or senior security specialist in complex, regulated environments 
• Demonstrated experience assessing current-state security posture and defining target-state security architectures 
• Demonstrated experience designing and governing security controls (e.g., IAM, network security, data protection, logging and monitoring) 
• Demonstrated experience identifying security, risk, and compliance control gaps and recommending risk-based improvements 
• Demonstrated experience developing security standards and reusable security architecture artifacts (reference architectures, patterns, building blocks)

• Demonstrated strong knowledge of cyber security and risk frameworks such as NIST CSF, NIST SP 800-53/61/92, and ISO/IEC 27001/27002 
• Demonstrated knowledge with enterprise and security architecture frameworks (e.g., TOGAF, SABSA) 
• Demonstrated experience aligning security architectures with regulatory and supervisory expectations (e.g., financial services risk management) 
• Demonstrated knowledge of third-party and risk management practices 
• Relevant certifications would be considered an asset (e.g., CCSP, CISSP, CISM, AWS/Azure security certifications).