Senior Information Security Architect

Job Overview

Job title: Senior Information Security Architect

Job description: For Current Agropur Employees:

Please apply for this job through the Career application of your

Job Type: Regular

Working at Agropur means being a member of an extended family where simplicity and honesty are part of everyday life, and where the management style is based on integrity, openness and autonomy. You too can join the Agropur family!

Reporting to the Director Information Security Center of Excellence, the incumbent works closely with the other members of the security team to develop and implement a comprehensive, enterprise-wide, information security architecture. This includes focusing on defining core security governance frameworks, integration patterns, and security solution designs. The architect works closely with the business, other technology teams, and service providers to design solutions meeting specific security requirements. The incumbent also defines processes and standards to ensure that security configurations are maintained.

More specifically, the Senior Architect – Information Security:

Information Security Architecture:

Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with the business, technology, and risk models;

Develops security strategy plans and roadmaps based on sound enterprise architecture practices;

Develops and maintains security architecture artifacts and the security governance framework (e.g., models, templates, standards, directives, guides, and procedures) that can be used to leverage security capabilities in projects and operations;

Determines baseline security requirements of configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM);

Develops standards and practices for data encryption and tokenization in the organization, based on the organization’s data classification criteria;

Drafts security procedures and standards;

Establishes a taxonomy of indicators of compromise (IOCs) and shares this detail with the organization stakeholders;

Defines security solution architecture in line with the information security roadmaps, strategies, standards, and high-level design;

Validates security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs, and anti-malware/endpoint protection systems;

Information Security Governance:

Tracks developments and changes in the digital business and threat environments to ensure that they’re adequately addressed in security strategy plans and architecture artifacts;

Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks in line with the organization risk tolerance;

Conducts or facilitate threat modeling of services and applications that tie to the risk, the information, and data associated with the service or the application;

Ensures a complete, accurate, and valid inventory of all systems, infrastructure, and applications that should be logged by the security information and event management (SIEM) or log management tool;

Documents data flow of sensitive information in the organization and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization);

Reviews network segmentation and isolation to ensure the least privilege for network access;

Supports the testing and validation of internal security controls;

Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics;

Defines security requirements in the context of each project;

Accompany and support enterprise and IT projects in defining the controls necessary to secure the projects and ensure proper alignment with the security framework;

Has or acquires overall solution and project knowledge coupled with a deeper understanding of specific challenges related to security integrations;

Works in collaboration with project managers to identify and manage technical and solution gaps, risks and proactively mitigate potential impacts;

Act as a security expert with various IT and business departments;

Provide the estimates for delivering the security solutions;

Security Operation Governance:

Write and maintain documentation, operational procedures, and standards required to support cybersecurity processes (SecOps);

Participate in security incident management when required;

Ensure technical and regulatory compliance of solutions proposed by suppliers and other 3rd parties;

May be required to troubleshoot production problems within his/her field of expertise;

Acts as a subject matter expert and mentor to other team members.

Requirements:

Bachelor’s degree in Computer Science, Information System, Cybersecurity or equivalent;

7+ years in-depth information security experience; 3+ years designing information security architectures;

Security Certification from a recognized organization (ISACA, ISC2, others)

Experience in using architecture methodologies such as SABSA, Zachman, and/or TOGAF.

Direct experience of isolation, segmentation, and access control in business processes

Expert understanding of web and cloud security standards, security architecture, and application security best practices

Direct experience or strong knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, and log management technology.

Experience designing the deployment of applications and infrastructure into public cloud service

Bilingualism (French and English)

Company: Agropur

Expected salary:

Location: Saint-Hubert, QC

Job date: Sat, 05 Jun 2021 22:04:52 GMT

Apply for this job

A job board that helps you to get the right job based on your skills and experience.

Contact Us

info@firstnationswork.com