Our client, the Bank of Canada has a 18 month remote contract opportunity for a Security Architect

Provide cyber security and technology risk advisory services to support Bank objectives • Assess current and target state architectures (cloud and on-prem) to support secure, compliant, and risk-based technology delivery • Identify and assess security risks, vulnerabilities, and control gaps across applications, infrastructure, and emerging technologies (including AI-enabled solutions) • Develop and maintain security standards, policies, and control requirements aligned with Bank frameworks and industry best practices • Define and promote secure design patterns, reference architectures, and reusable security artifacts across platforms and development lifecycles • Support secure configuration, governance, and compliance for cloud, applications, and DevSecOps pipelines • Facilitate and support threat modelling activities across applications, platforms, and AI-enabled solutions to identify threats, attack vectors, and control weaknesses • Enhance application security and DevSecOps practices, including secure SDLC, code scanning, and pipeline security controls • Contribute to vulnerability management practices, including identification, triage, prioritization, and remediation guidance across systems and applications • Advise on technology risk, vulnerability management, and security testing (e.g., SAST, DAST, container and dependency scanning) • Support and contribute to the integration of AI into security practices, where applicable (e.g., vulnerability discovery, risk prioritization, and security analysis), including assessing risks associated with AI adoption • Translate technical security risks into business impact and provide clear, risk-based treatment recommendations • Produce executive-ready documentation, reporting, and artifacts for stakeholders, governance forums, and leadership • Support implementation planning, prioritization, and adoption of security controls and risk mitigation strategies • Provide subject-matter expertise, workshops, and knowledge transfer across development, platform, and business teams Required Qualifications & Skills: • University Degree or College Diploma in computer science, information security, engineering, or a related field • A minimum of five (5) years of recent demonstrated experience in information technology or cyber security • A minimum of three (3) years of recent demonstrated experience as a Cyber Security Architect or senior security specialist in complex, regulated environments • Demonstrated experience assessing current-state security posture and defining target-state security architectures • Demonstrated experience designing and governing security controls (e.g., IAM, network security, data protection, logging and monitoring) • Demonstrated experience identifying security, risk, and compliance control gaps and recommending risk-based improvements • Demonstrated experience developing security standards and reusable security architecture artifacts (reference architectures, patterns, building blocks) Additional Qualifications The following will also be considered: • Demonstrated strong knowledge of cyber security and risk frameworks such as NIST CSF, NIST SP 800-53/61/92, and ISO/IEC 27001/27002 Demonstrated knowledge with enterprise and security architecture frameworks (e.g., TOGAF, SABSA) • Demonstrated experience aligning security architectures with regulatory and supervisory expectations (e.g., financial services risk management) • Demonstrated knowledge of third-party and risk management practices • Relevant certifications would be considered an asset (e.g., CCSP, CISSP, CISM, AWS/Azure security certifications).