Intermediate Security Architect to assess and enhance the security architecture for their IT and digital transformation project. - RQ00139

Our public sector client is looking for an Intermediate Security Architect to assess and enhance the security architecture for their IT and digital transformation project. - RQ00139

Duration: until Nov 2025

Work model: Hybrid - 2 days per week onsite in DT Toronto

Hours: 7.25 hours per day

Responsibilities:

• Define, evaluate, and assess security architecture requirements for IT projects, systems, and environments, including SaaS, PaaS, IaaS, and on-prem applications.
• Conduct Threat Risk Assessments for both traditional IT and AI technologies, identifying potential risks and assessing their impact on the organization.
• Develop and communicate effective security risk mitigation strategies to stakeholders, ensuring transparency and fostering collaboration.
• Design technical architecture frameworks and security strategies to meet both business and application requirements.
• Advise on identifying, analyzing, and resolving security risks, vulnerabilities, and privacy concerns, while ensuring compliance with international and industry standards.
• Analyze and evaluate alternative security technologies to address business challenges.
• Ensure the implementation of security technologies, including encryption, access controls, firewalls, authentication, virus protection, and other security audit procedures.
• Contribute to the development of enterprise architecture deliverables, including models and security strategies, in alignment with organizational policies.

Must-Haves:

• 6-8 years of experience in security architecture, risk management frameworks, and security technologies.
• Knowledge of regulatory and assurance compliance requirements such as ISF SOGP, NIST, SSAE16/18 (SOC 1,2,3), PCI DSS 3.2+, and Data Privacy.
• Proven experience in conducting Threat Risk Assessments (TRAs) and designing security architecture for both IT and Operational Technology (OT).
• Hands-on experience in implementing Zero Trust Architecture and security controls for SaaS, PaaS, IaaS, and AI systems.
• Familiarity with frameworks like NIST 800-82, Purdue Model, and other OT security models.
• Strong experience with security tools, frameworks, and technologies, especially in the context of AI systems.
• Experience in designing security solutions that protect personal privacy and meet industry standards.

Nice to Have:

• Knowledge of OT security publications and models such as NIST 800-82 and Purdue Model.
• Familiarity with ICS, SCADA, or OT Systems.
• Certification or Training in security architecture frameworks (e.g., NIST, SOC, PCI).