Information Security Architect

  • Full-time

Company Description

We’re embarking on something BIG... 

Central 1 is the partner of choice for financial, digital banking and payment products and services – fueling the success of businesses across Canada. We leverage our scale, strength and expertise to power progress for more than 250 credit unions and other financial institutions, enhancing the financial well-being of more than five million customers from coast to coast. For more information, visit Central1.com

Because of COVID19, all Central1 offices are currently closed to non-essential employees. This role will see you working remotely until our offices are reopened. The timeline to reopen is still under consideration, as are our future remote working policies.

Job Description

As an Information Security Architect, you will be responsible for incorporating the vision and goals of the Information Security Program across all projects and initiatives. This role will have extensive experience working with a range of stakeholders to ensure that key security requirements are captured, understood, and implemented appropriately. 

We're looking for someone with 5+ years of experience delivering Information Security Thought Leadership, which has been built upon a strong foundation in technology, where you have 10+ years of hands-on technical experience. 

The Information Security Architect will be comfortable guiding more junior Information Security resources and developing awareness of the Information Security program across all business lines. Experience working in an agile environment and the ability to leverage common tools to integrate security into the work environment is a must.

Prior experience designing and implementing security capabilities within an Enterprise environment is a must including but not limited to:

  • Security Incident and Event Management
  • Endpoint Detection and Response
  • Intrusion detection and prevention systems
  • Data loss prevention

The Information Security Architect must have demonstrable experience working in multiple technology projects as a Security Architect, where they have been part of the full project lifecycle, including requirement gathering, design review, and defining security testing plans.

The ability to adapt to a varied audience and work well with others is a key component in this role, as project teams will rely on the resource’s experience and analytical skills to effectively identify and prioritize threats and both suggest and coach the development of effective controls. The successful candidate should be familiar with commercial off-the-shelf testing tools, such as vulnerability scanners and intercepting proxies, and be capable of writing exploits using a language of their choosing. Additional responsibilities may include involvement in the implementation of new security solutions, leading in the creation of security architecture documentation and/or maintenance of policies, standards, baselines, and guidelines.

What you'll be doing:

Strategy & Planning

  • Develop and maintain processes to support activities such as Threat Modelling and Risk assessments at both a product and project level
  • Facilitate Threat Modelling and Risk assessments at both a product and project level
  • Perform a leadership role in the planning and design of enterprise security architecture, and coordinate with system owners, control providers, and other stakeholders on the allocation of security controls as system-specific, hybrid, or common controls.
  • Perform a leadership role in the creation of enterprise security documents (architecture blueprints, policies, standards, baselines, guidelines and procedures)
  • Provide oversight and contribute to the design and deployment of technology solutions within Central 1 to ensure they are carried out following industry standard best practices.

Acquisition & Deployment

  • Design tooling and platforms to provide capabilities within the Information Security arena
  • Develop and maintain partnerships with Security vendors that are able to support organisational goals
  • Maintain up-to-date detailed knowledge of the information security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
  • Develop secure testing strategies to validate project readiness

Operational Management

  • Participate with investigations into problematic activity, triage vulnerable application components and validate fixes provided to mitigate existing vulnerabilities.
  • Provide a leadership role in the design and execution of vulnerability assessments and penetration tests.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Provide input on security requirements to be included in statements of work and other appropriate documents.
  • Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.

Qualifications

What you'll have:

  • You have a university degree and 10+ years Information Technology related work experience, ideally with 5 or more years spent working in Information Security, and with 2+ in an architecture role
  • One or more of the following certifications is preferred:
    • (ISC)2 - CISSP
    • GIAC - GSEC, GCIH, GCIA, GCFE, GWAPT or GPEN
    • AWS - Solutions Architect, Certified Security
    • Azure - Microsoft Certified: Azure Security Engineer

  • Experience applying the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture and Enterprise Security Architecture such as SABSA 
  • Experience in designing the integration of hardware and software solutions
  • Experience integrating Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic)
  • Experience designing countermeasures to identified security risks.
  • Strong experience with threat modelling techniques such as STRIDE.
  • Experience deploying and supporting complex web application environments.
  • Experience with Web Application Security controls such as WAF, DDOS
  • Experience with Application Security testing tools such as SAST and DAST. 
  • Working knowledge of Cloud platforms such as AWS and Azure
  • Strong understanding of OWASP Top 10 and SANS Top 25.
  • Strong understanding of IP, TCP/IP, and other network administration protocols.
  • Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Strong understanding of Windows, Linux, and Mac operating systems.
  • Strong understanding of compliance frameworks including ISO 27001 and NIST CSF

Nice-to-have:

  • Experienced coaching and leading others in the Information Security sector
  • Proven analytical and problem-solving abilities
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
  • Good written, oral, and interpersonal communication skills
  • Ability to conduct research into information security issues and products as required
  • Ability to present ideas in business-friendly and user-friendly manner
  • Highly self-motivated and directed
  • Keen attention to detail
  • Team-oriented and skilled in working within a collaborative environment

 

Additional Information

As much as we believe in working hard, we also believe in personal growth and taking time for ourselves. Accordingly, our total rewards philosophy amounts to one of the best compensation and benefits packages in the industry – from performance-based incentives and extended benefits, to training and education reimbursements and ample vacation time.

Central 1 is committed to building a diverse and inclusive workforce by creating an environment where everyone feels like they belong and has the opportunity to be successful. We are welcoming of all applicants and we will provide an accessible candidate experience.

Reporting to: Director, Information Security
Grade: G
Date Posted: June 8, 2021
Internal Applicant due date: June 15, 2021
External Applicant due date: June 29, 2021
Location: Vancouver, BC and Mississauga, ON