Defines, evaluates, and assesses security architecture requirements for operational technology and IT systems/projects.
Develops technical architecture, framework and strategies to meet the business and application requirements.
Creates detailed security architecture patterns for integrating new systems into Metrolinx's existing technology stack.
Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
Works with design, delivery and deploy teams and ensures security resilience is designed and built into all solutions.
General Skills:
Strong understanding and expertise in security architecture
Knowledge of techniques to secure information assets and the planning, design, and implementation of security technologies.
Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
Strong knowledge and understanding of relevant legislation and corporate directives related to the security and confidentiality of information (e.g. Freedom of Information and Protection of Privacy Act) in order to identify and assess areas of concern and risk
Strong knowledge of current security and contingency technology and techniques, such as Zero Trust, to design and protect the OT and IT systems in the Identity, Devices, Application and Workloads, and Data domains
Experience in developing security architecture models incorporating security principles, policies, and mechanisms that guide the design and implementation of a secure system.
Experience analyzing and evaluating alternative technology solutions to meet business problems
Strong knowledge of risk management frameworks, industry best practices, security policy creation
Desirable Skills:
Experience in developing enterprise architecture deliverables (e.g. models) based on Ontario Government Enterprise Architecture processes and practice
Experience in Threat Risk Assessment methods
Knowledge and understanding of Information Management principles, concepts, policies and practices
Must Haves
Experience in designing security architecture for information technology and operational technology
Experience in implementing zero trust architecture in designing secure SaaS, PaaS, IaaS and on-prem systems
Experience in NIST, SOC, SSAE 18, PCI, APATA, IEC 62443 frameworks
Experience in various risk assessment methodologies to assess existing and new systems, identify vulnerabilities and threats, and design and implement solutions to mitigate the risks
Key skills to evaluate
Six (6) to eight (8) years’ experience working in a security architect or similar role.
Experience in designing security architecture for information technology and operational technology
Experience in reviewing system security measures and the ability to recommend, design and architect missing security controls.
Experience in implementing zero trust architecture
Experience in building strategy and roadmaps for information and security initiatives
Experience in NIST, SOC, SSAE 18, PCI, APATA, IEC 62443 frameworks and risk assessment methodologies such as ISF IRAM and NIST
Experience in designing secure SaaS, PaaS and IaaS
Experience in various risk assessment methodologies to assess existing and new systems, identify vulnerabilities and threats, and design and implement solutions to mitigate the risks
Experience in developing test cases to test security controls/solutions
Excellent communication, interpersonal and presentation skills, as the SA will be presenting solutions, strategies, and risks at the director and VP level
Deliverables
Must Haves:
6-8 years' experience designing security architecture for information technology and operational technology
6-8 years' experience implementing zero trust architecture in designing secure SaaS, PaaS, IaaS and on-prem systems
6-8 years' experience in NIST, SOC, SSAE 18, PCI, APATA, IEC 62443 frameworks
6-8 years' experience in various risk assessment methodologies to assess existing and new systems, identify vulnerabilities and threats, and design and implement solutions to mitigate the risks