IT Security Architect
April 03, 2019
- Working closely with the Enterprise Architect, the Technology and Infrastructure team, and the Information Security team, the Security Architect will:
- Plan, analyze, design and document security requirements and security controls for protecting the information assets, systems and technology of the Firm.
- Participate in information system projects to define security requirements and controls to address cyber security, operational and business risks.
- Designing, documenting and implementing enterprise-class security controls for networks, applications and data:
- Identifying and communicating current and emerging security threats;
- Designing security controls and methods to mitigate security threats;
- Identifying security design gaps in existing and proposed architectures and recommending changes or enhancements;
- Creating solutions that balance business requirements with information and cyber security requirements;
- Identifying security design gaps in existing and proposed architecture and recommending changes or enhancements;
- Creating enterprise architecture security artifacts to communicate security requirements to project team members;
- Developing and documenting information security standards to support the business and information technology architecture;
- Participating in risk assessments for new technologies and projects.
- Analyzing the current information security controls and creating security architecture models, by:
- Analyzing business and technology requirements and developing and publishing Security Principles for architecture;
- Aligning standards, frameworks and security with business and technology strategy;
- Documenting existing enterprise security controls and methods for protecting systems and technology, and creating security standards for the organization;
- Creating security models and patterns and communicating with Enterprise Architects and project teams;
- Writing reports and making presentations.
- Developing target security architecture models to address new technologies and business strategies:
- Analyzing business models and business strategies, and identifying risks;
- Creating and documenting security controls to address threats and risks;
- Communicating security controls, patterns and methods to project teams and management.
- Bachelor’s degree in Computer Science, Engineering or a related field.
- Mandatory certifications include CISSP, plus one additional certification from one of the following lists:
- ISSAP, ISSE, TOGAF, SABSA; or
- CISM, CISA, GIAC.
- Minimum 10 years of business experience: 5 years in Information Security and 5 years in Security Architecture.
- Consulting experience in designing and analyzing information systems.
- Knowledge of:
- System development methods and frameworks.
- Cloud computing and virtualization technology and risks.
- Cryptographic controls and encryption key management.
- Identity and access management methods and standards.
- Information security standards (e.g. ISO 27001, PCI DSS, NIST SP800).
- Security Incident and Event management (SIEM) and monitoring systems.
- Strong written and verbal communication skills; ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Ability to work collaboratively in a team environment.
- Superb analytical skills. Must be a critical thinker with strong problem-solving skills and an ability to think “outside the box” to identify solutions.
- Self-motivated and driven. Well organized; results oriented.
- High attention to detail and commitment to quality.
- High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
Qualified candidates are invited to submit their resume to:
E-mail : [email protected]
McCarthy Tétrault is an equal opportunity employer that fosters an inclusive, equitable, and accessible environment. We thank all applicants for their interest in McCarthy Tétrault; however, only chosen applicants will be contacted. We regret that we are unable to respond to individual inquiries about application status.