SECURITY ARCHITECT (HYBRID)

Job Description

WHO WE ARE

When it comes to health, we’re always looking for ways to push for better. It’s why we were founded in the first place. In 1957, our founder, pharmacist William Wilkinson, witnessed a mother sacrifice her health by forgoing her own medicine to pay for her sick daughter’s prescription. He knew there had to be a better way. So, he introduced North America’s first prepaid drug plan, and GreenShield was born as a not-for-profit with a mission to support better health for all Canadians.

We aren’t just a health and benefits company. We’re the only not-for-profit social enterprise that brings worlds of coverage and care together, all in one place. We’re noble challengers, purposefully building a better way and we need the best people to help us create a more holistic approach that takes care of the mind and body. Our mission is to create better health for all Canadians, and we know that starts with our employees.

THE ROLE IN A NUTSHELL

• Responsible for the development of security architecture and solutions from business requirements in projects and operational initiatives
• Responsible for assessment and mitigation of security risks identified in solution design, providing appropriate solutions and alternatives
• Ensure secure and successful project and solution delivery on time and with quality
• Present designs, risks, and mitigations to peers and senior management
• Adhere to existing risk management frameworks, such as COBIT, ITIL, and ISO 27002
• Leverage and utilize industry standard architecture framework such as TOGAF and SABSA
• Develop business process mapping for implementation of security policies and standards throughout enterprise
• Develop individual detailed security technical reference models and library
• Develop process flows and mapping of security architecture components as part of an enterprise architecture
• Support efforts by reviewing the architecture design
• Support vulnerability assessments on various types of networks and topologies
• Analyze output from network vulnerability assessments and recommend mitigation strategies
• Review and provide feedback on security plans and procedures regarding all aspects of technology including network, application, database, applications (AI & ML), and cloud
• Review and provide input into network designs to ensure compliance with security and enterprise architecture
• Provide input and visibility into emerging security technologies, deployment strategies and other security protocols to ensure awareness within the IT Security team
• Build/enhance security architecture and configure network to enhance the security posture of the enterprise
• Review in-house and 3rd-party applications/code for security vulnerabilities and best practices
• Participate in Software Development Lifecycle: code review, QA security testing, launches, etc.
• Develop and/or implement automated security testing tools where possible
• Participate in the development of security-related tools and applications, such as multi-platform cookie-based authentication and internal security libraries/frameworks
• Train engineers on common security problems and best practices for writing secure code
• Provide security input on overall software architecture
• Liaison with compliance teams for internal and external software compliance efforts
• Performs hands-on testing of applications, as well as build and enforce information risk management requirements and structure, including providing practical secure architecture skills and developing and implementing Information Security best practices

WHO WE\'RE LOOKING FOR

• Bachelor’s degree in Information Technology, Computer Sciences or equivalent. Master’s degree desirable
• 10 years or more of professional experience with 8 or more years in cybersecurity including security policy development, security architecture models, and information security regulatory compliance
• Must have the knowledge of IT security technologies such as firewalls, intrusion detections systems, SIEM, ZTPA, VPN, antivirus, patch management, etc., and the interest and experience to work on security policy and architecture
• Solid knowledge of and experience with secure web architectures including micro services and containers, tools and processes
• A sound understanding of generative AI and machine learning technologies, common AI security frameworks, risks, and mitigations
• Experience in engineering and operational roles
• Familiar with NIST and be able to review against security architecture technical requirements
• Experience with regulatory compliance efforts such as PCI or Sarbanes-Oxley
• Experience with one or more applications development languages such as Ruby on Rails, Python, Java, C/C++, .NET
• Knowledge of vulnerability assessment/network discovery and associated tools
• Demonstrated effective strong team player and self-motivator. Ability to work and interface internally with IT and other functional support groups with minimal guidance
• Demonstrated communicator both written and verbal, with effective presentation delivery and meeting facilitation

NICE TO HAVE

Highly desirable to hold one or more of the following certifications:

• AWS Certified Solutions Architect - Professional (Cloud)
• Certificate of Cloud Security Knowledge
• Certified Information Systems Security Professional (CISSP)
• Certified IT Architect (IASA CITA)
• Google Certified Professional Cloud Architect
• Microsoft Certified Architect
• Microsoft Certified Azure Solutions Architect

THE CULTURE

We believe a career should be meaningful. Not just a means to earn a living. Our culture is one where everyone\'s voice is heard and valued. Because that’s what it takes to create better health for all. We dare to challenge the status quo. And we’re driven by people who have challenged theirs. We believe that your workplace should empower you to be the best version of yourself. That’s why we provide a place where you can be inspired, challenged, and rewarded. Where your growth means our growth. Where your voice is heard and valued. Where your work has purpose. And purpose matters. We believe our people are critical to our overall success. Inclusivity makes us a stronger, smarter and more informed organization. Being intentionally inclusive of diverse backgrounds, perspectives and experiences will enhance our company culture to positively impact how we support our communities. A career at GreenShield isn’t just about personal achievements, it\'s about making a difference together. Here’s to Better Health for All!

A FEW MORE DETAILS

Proficiency in English is required for this position. As part of this role, you will be required to communicate with colleagues or customers who use English as their primary language. By requiring English proficiency for this position, we aim to ensure that our employees can excel in their roles, collaborate, and communicate effectively, and contribute to the success of our organization.

GS supports diversity, equity and inclusion in our teams and communities, and we value the unique contributions made by all. Even if your experience doesn’t align perfectly to every requirement, we invite you to apply. We encourage applications from all candidates and will accommodate needs under human rights legislation throughout all stages of the recruitment and selection process. Please let us know of any accommodation through requestforaccommodation@greenshield.ca. Information received relating to accommodation will be addressed confidentially.

Providing this information gives GS consent to use your personal information to assess your suitability for specific positions, future opportunities or for your personnel file. Your résumé will be held in strict confidence and will be viewed only by the Organization. Information may be stored outside of Canada and could be used for aggregate statistical purposes (which uses no personal identification).