ocation: Remote (Ottawa, ON)
Job Title: Cloud Architect, Cyber Security
Cloud Architect, Cyber Security
Our client is hiring a Cloud Architect, Cyber Security who can thrive in a dynamic and inclusive environment. Reporting to the Director, Information Security, the Cloud Architect, Cyber Security oversees the secure implementation of the company's Digital Transformation and continued operations. This includes all aspects of Cloud security on platforms such as Microsoft Azure, O365, D365, MS Teams, Exchange online, SharePoint online, Sentinel in addition to the secure implementation of SaaS, IaaS and PaaS based solutions.
Tracks developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
Validates IT infrastructure and other reference architectures for security best practices, and recommend changes to enhance security and reduce risk where applicable.
Validates security configurations such as OWASP Top 10, GC Guardrails, CSE Top 10 and access to security infrastructure tools, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, SIEM.
Coordinates with the DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the Director of IT Security.
Coordinates with the privacy officer to document data flows of sensitive information within the organization (e.g., PII) and recommends controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.).
Participates in code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity or availability of the system.
Participates in application and infrastructure projects to provide security planning advice.
Liaisons with the vendor management team to conduct security assessments of existing and prospective vendors, PII, PCI, regulated or other protected data, including:
o SaaS providers
o Cloud/infrastructure as a service (IaaS) providers
o Managed service providers
Evaluate the statements of work from these providers to ensure that adequate security protections are in place. Assess the providers' SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls," and report any findings to the Director of IT Security and vendor management teams.
University degree or College diploma in related area or Industry Security Certification such as: CISSP, CCSP, CCSK, CCA, CCP, The Open Group's TOGAF, SANS' GAIC, IAPP's CIPT.
Minimum of 10 years of related work experience.
Direct, experience with security infrastructure such as IPSs, WAFs, endpoint protection, SIEM and log management technology, including UEBA and SOAR.
Detailed understanding of government security policy, crown corporations, privacy obligations, and risk management.
Documented experience and a strong working knowledge of Security Assessment and Authorization activities on new applications and services.
Expert knowledge of cyber security and cloud security.
Proven experience in managing large projects.
Must have strong communication and organization skills in addition to the ability to find creative and innovative solutions.
Ability to integrate and work with different teams and be a champion of change.