Security Architect - Intermediate

Job Description

Responsibilities:

  • Defines, evaluates, and assesses security architecture requirements for systems environments and IT projects.

  • Conduct Threat Risk Assessment for SaaS, PaaS, IaaS and on prem applications
  • Conduct risk assessments to identify security risks related to AI technologies and assess their impact on the organization.
  • Communicate security risks and mitigation strategies effectively to stakeholders, ensuring transparency and collaboration
  • Develops technical architecture, framework and strategies to meet the business and application requirements.

  • Advises on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards.
  • Analyze and evaluate alternative security technology solutions to meet business problems.

General Skills:

  • Strong understanding and expertise in security architecture
  • Knowledge of techniques to secure information assets and implementation of security technologies.
  • Experience in Threat Risk Assessment methods
  • Knowledge and understanding of Information Management principles, concepts, policies and practices
  • Proven techniques to discover gaps or weaknesses in security architecture to identify and mitigate known security threats or inherent weaknesses.
  • Solid knowledge of current security and contingency technology and techniques
  • Experience in digital signature, encryption, access controls, firewalls, authentication, virus protection, etc. and a proven working knowledge of security audit procedures and protocols.
  • Experience in developing enterprise architecture deliverables (e.g. models)
  • Knowledge of risk management frameworks, industry best practices, security policy creation

Desirable Skills:

  • Experience in developing enterprise architecture deliverables (e.g. models) based on Ontario Government Enterprise Architecture processes and practice
  • Knowledgeable in OT security publications and models such as NIST 800-82 and Purdue Model
  • Knowledge of ICS, SCADA, or OT Systems Certification or Training

 

Must have

Six (6) to eight (8) years’ experience working in a security architect or similar role.

Knowledge of regulatory and assurance compliance requirements including ISF SOGP, NIST, SSAE16/18 (SOC 1, 2, 3), PCI DSS 3.2+, and Data Privacy.

Experience with risk assessment methodology (ISF IRAM, NIST)

Key skills to evaluate

  • Experience in designing security architecture for information technology and operational technology
  • Experience in reviewing system security measures and able to recommend/design/architect missing security controls.
  • Experience in implementing zero trust architecture
  • Experience in NIST, SOC, SSAE 18, PCI framework
  • Experience in designing security controls for SaaS, PaaS and IaaS
  • Experience in security tools, frameworks, and technologies relevant to AI systems


MSP Notes 

Must Haves:

  • 6-8 years of experience in designing security architecture for information technology and operational technology
  • 6-8 years of experience in reviewing system security measures and able to recommend/design/architect missing security controls.
  • 6-8 years of experience in implementing zero trust architecture
  • 6-8 years of experience in NIST, SOC, SSAE 18, PCI framework
  • 6-8 years of experience in designing security controls for SaaS, PaaS and IaaS
  • Experience in security tools, frameworks, and technologies relevant to AI systems