Job Description

Job Title: Security Architect (Contract)

Location: Toronto, ON (5 days Onsite Downtown Financial District)

Duration: 3+ months (Strong possibility of extension)

Experience Level: 7 10 years

Job Summary:

We are seeking a highly skilled Security Architect for a leading banking/financial institution. The ideal candidate will have 7 10 years of experience in cybersecurity architecture, specifically within highly regulated environments . You will be responsible for bridging the gap between complex business requirements and enterprise security standards, ensuring that all solutions are compliant with OSFI, FINTRAC, and internal bank policies.

Key Responsibilities:

• Security Solution Design: Architect end-to-end security solutions for cloud (Azure/AWS) and on-premise banking applications, focusing on identity management, data protection, and network segmentation.

• Risk Assessment: Conduct threat risk assessments (TRA) for new digital banking initiatives, payment systems, and internal infrastructure changes.

• Stakeholder Collaboration: Work closely with Enterprise Architects, DevOps, and Compliance teams to embed security controls into the SDLC (Shift Left).

• Regulatory Compliance: Ensure all architectures adhere to OSFI Guideline B-13 (Technology & Cyber Risk Management), PIPEDA, and PCI-DSS standards.

• Pattern Development: Create reusable security patterns (Zero Trust, Micro-segmentation, Secure APIs) for the bank's internal architecture repository.

• Incident Support: Assist the CISO office in root cause analysis for security incidents, providing architectural fixes to prevent recurrence.

• Vendor Assessment: Evaluate third-party fintech solutions for security posture and integration risks.

Required Technical Skills:

• Identity & Access Management (IAM): Expertise in OAuth 2.0, OIDC, SAML, and tools like ForgeRock, Ping, or Azure AD.

• Cloud Security: Deep experience with Azure (Sentinel, Defender for Cloud) or AWS (Inspector, GuardDuty). Azure is strongly preferred.

• Network Security: Firewalls (Checkpoint/Palo Alto), WAF, TLS/mTLS, and SD-WAN architectures.

• Data Security: Tokenization, Masking, KMS (HSMs - Thales/AWS CloudHSM), and DLP strategies.

• DevSecOps: Integration of SAST/DAST (Checkmarx, Veracode) into Jenkins/Azure DevOps pipelines.

• Standards: Deep working knowledge of NIST CSF , ISO 27001 , and MITRE ATT&CK framework.

Mandatory Requirements (Banking Context):

• Experience: Must have at least 3 years of previous experience working for a Tier 1 Bank (RBC, TD, Scotiabank, BMO, CIBC) or a major credit union.

• Frameworks: Proven history of submitting architecture artifacts for OSFI reviews.

• Legacy Systems: Experience securing legacy mainframe (z/OS) integration with modern API layers.

• Certifications (at least one required): CISSP, CCSP, SABSA, or Azure Solutions Architect Expert.

Soft Skills:

• Communication: Ability to explain technical risks to non-technical business heads (VP level).

• Speed: Comfortable working in a high-pressure, fast-paced trading or digital banking environment.

• Documentation: Expert in Confluence and Lucidchart for architecture diagrams.

Education:

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

Contract Details:

• Duration: 3 months (likely extension to 12+ months based on project roadmap)

• Need not be full time, even 10-20 hours/week is adequate
• Need them to have a strong presence with the client, be proactive, have ownership, be impactful
• Must be able to drive conversations and provide technical advice to C-level clients

• Onsite Requirement: 100% Onsite (Client does not accept remote for this role due to data sensitivity). Must have own transit to Downtown Toronto.

Job Tags

Full time, Contract work, Work at office, Shift work

Similar Jobs