Security Architect

Job Title: Security Architect (Contract)
Location: Toronto ON (5 days Onsite Downtown Financial District)
Duration: 3 months (Strong possibility of extension)
Experience Level: 7 10 years

We are seeking a highly skilled Security Architect for a leading banking/financial institution. The ideal candidate will have 7 10 years of experience in cybersecurity architecture specifically within highly regulated environments. You will be responsible for bridging the gap between complex business requirements and enterprise security standards ensuring that all solutions are compliant with OSFI FINTRAC and internal bank policies.

• Security Solution Design: Architect end-to-end security solutions for cloud (Azure/AWS) and on-premise banking applications focusing on identity management data protection and network segmentation.

• Risk Assessment: Conduct threat risk assessments (TRA) for new digital banking initiatives payment systems and internal infrastructure changes.

• Stakeholder Collaboration: Work closely with Enterprise Architects DevOps and Compliance teams to embed security controls into the SDLC (Shift Left).

• Regulatory Compliance: Ensure all architectures adhere to OSFI Guideline B-13 (Technology & Cyber Risk Management) PIPEDA and PCI-DSS standards.

• Pattern Development: Create reusable security patterns (Zero Trust Micro-segmentation Secure APIs) for the banks internal architecture repository.

• Incident Support: Assist the CISO office in root cause analysis for security incidents providing architectural fixes to prevent recurrence.

• Vendor Assessment: Evaluate third-party fintech solutions for security posture and integration risks.

• Identity & Access Management (IAM): Expertise in OAuth 2.0 OIDC SAML and tools like ForgeRock Ping or Azure AD.

• Cloud Security: Deep experience with Azure (Sentinel Defender for Cloud) or AWS (Inspector GuardDuty). Azure is strongly preferred.

• Network Security: Firewalls (Checkpoint/Palo Alto) WAF TLS/mTLS and SD-WAN architectures.

• Data Security: Tokenization Masking KMS (HSMs - Thales/AWS CloudHSM) and DLP strategies.

• DevSecOps: Integration of SAST/DAST (Checkmarx Veracode) into Jenkins/Azure DevOps pipelines.

• Standards: Deep working knowledge of NIST CSF ISO 27001 and MITRE ATT&CK framework.

• Experience: Must have at least 3 years of previous experience working for a Tier 1 Bank (RBC TD Scotiabank BMO CIBC) or a major credit union.

• Frameworks: Proven history of submitting architecture artifacts for OSFI reviews.

• Legacy Systems: Experience securing legacy mainframe (z/OS) integration with modern API layers.

• Certifications (at least one required): CISSP CCSP SABSA or Azure Solutions Architect Expert.

• Communication: Ability to explain technical risks to non-technical business heads (VP level).

• Speed: Comfortable working in a high-pressure fast-paced trading or digital banking environment.

• Documentation: Expert in Confluence and Lucidchart for architecture diagrams.

• Bachelors degree in Computer Science Information Security or related field (or equivalent experience).

• Duration: 3 months (likely extension to 12 months based on project roadmap)

• Need not be full time even 10-20 hours/week is adequate
• Need them to have a strong presence with the client be proactive have ownership be impactful
• Must be able to drive conversations and provide technical advice to C-level clients

• Onsite Requirement: 100% Onsite (Client does not accept remote for this role due to data sensitivity). Must have own transit to Downtown Toronto.