M

Security Architect

Job Description - Security Architect


This role focuses on areas where architectural decisions determine the security posture for the entire lifecycle of solutions, supporting projects and operations within a business line.



  • You will act as an architecture advisor. You will produce security architectures and security opinions, define the requirements and controls applicable to business systems, and support developers, systems engineers, and security teams in their implementation. Your cybersecurity risk assessment will guide portfolio decisions. Security is integrated from the design stage and maintained throughout the entire lifecycle.

  • Client is seeking a Security Architect to provide consulting services to a business line, not a Controls Operator or a SOC Analyst. The role revolves around three recurring deliverables: security architectures, security advisories, and consulting services for portfolio teams.

  • The terminology used (security by design, requirements and control definition, compliance with regulatory frameworks) positions the role upstream in the lifecycle, during the design phase, rather than in the remediation phase. The mention of project and train support as a significant asset, combined with the Agile SAFe requirement, indicates that the candidate will be assigned to one or more trains and will be expected to participate in planning ceremonies.

  • The ideal candidate is a cybersecurity practitioner with 10 years of experience, at least half of which has been spent in architecture, and is comfortable balancing regulatory requirements with the realities of delivery for development and systems engineering teams.

Requirements



  • 10 years of cybersecurity experience

  • 5 years of security architecture experience, included within the 10 years

  • Knowledge of NIST 800-53, CIS Controls 18, and ISO frameworks

  • Ability to work in an Agile (SAFe) environment

  • Production of security architectures and security assessments/recommendations

  • Definition of security requirements and security controls for business systems


Requirements

Desired



  • Security-by-design approach applied throughout the entire lifecycle

  • Cybersecurity risk assessment

 

Asset



  • Experience supporting projects and/or Agile trains, identified by the client as a significant asset

  • Insurance industry experience

Note: The five years of security architecture experience are included within the ten years of cybersecurity experience and are not cumulative. The three frameworks (NIST 800-53, CIS Controls 18, and ISO) form a complementary standards ecosystem; demonstrated proficiency in two of them, supported by relevant project experience, is considered sufficient to satisfy this criterion.

 

WHAT WE DON'T WANT



  • SOC analyst, SIEM analyst, or incident response specialist without a design component. 

  • Enterprise architect or generalist solution architect whose primary specialty is not security.

  • GRC auditor or consultant whose experience is limited to document compliance, without architecture development. 

  • Penetration tester or offensive security specialist without experience supporting delivery teams. 

  • Profile with less than 10 years of cybersecurity experience, or less than 5 years in security architecture. 

  • ​Network or cloud security engineer limited to tool implementation.







Original job Security Architect posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.
Share Job
Share Job

Similar Security Architect Jobs in Canada

GrabJobs is the no1 job portal in Canada, connecting you to thousands of jobs fast! Find the best jobs in Canada, apply in 1 click and get a job today!

Mobile Apps

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.