Senior Security Architect

  • Full Time
  • Toronto
  • Applications have closed

DXC Technology

DXC Technology Security Advisory Services is seeking a Security Architecture consultant to work on and lead Security Architecture consulting projects for commercial customers. We are looking for an innovative and motivated consultant who, under general direction and with a high level of autonomy, uses extensive knowledge and skills obtained through education and experience to perform the necessary assessment, collaboration, analysis, advisory, and consulting tasks related to specific customer security problems, regulations, industry standards and/or a customer’s unique situation or requirements.

DXC Technology Security Advisory Services aspires to be a strategic partner in helping our more than 1,000 business and government clients in 70 countries better serve their customers and citizens. We work to overcome their business challenges, collaborating to make technology work for them, anytime and anywhere. With a dedication to quality and innovation, we deliver information security advisory, systems integration, and applications development. These efforts enable organizations to manage risk as they take the best advantage of cloud computing, information optimization and enhanced security measures to achieve their goals in a digital world.

Responsibilities

Analyze complex enterprise environments from an information security perspective.

Develop, implement and/or oversee the implementation of Enterprise Security Strategy.

Deliver Security Architectures/Strategies as part of a broader Enterprise or IS/IT Architecture that encompasses People, Process and Technology components.

Apply Threat, Vulnerability and Risk analysis methodologies/techniques, and interpret and apply their output in the definition of Security Architectures.

Architect solutions and lead security projects at an enterprise level, ensuring that the customer’s security requirements are met.

Rationalize different security solutions against requirements, risk, and constraints. Build business justification to support continued investment in security.

Develop security roadmaps for customers which will enable them to execute upon strategies developed.

Work with key customer executives, directors and management teams (e.g., CISO, CSO, Security Director) to ensure that their requirements are understood at a business level and that any solutions provided manage risk and address the needs of the business.

Security Architecture and/or Enterprise Architectural Frameworks (e.g. SABSA, TOGAF, O-ESA).

Experience designing and implementing Security Solutions through to operation; experience in multi-supplier/multi-platform environments would be advantageous.

High-level knowledge of all key areas of Information Security Technology and an ability to apply them appropriately.

Interpreting and applying appropriate Standards, Policies and Legislation (e.g. ISO27001, NIST CSF, PCI DSS, GDPR) in the development of security strategies.

Experience with Harmonized Threat and Risk Assessment (HTRA) desirable.

Experience with PIPEDA desirable.

An understanding of the people, process & technology involved in Security Strategy, Risk Management, and Security Operations.

Demonstrable experience in leading large consultancy delivery teams and projects.

Understanding of basic financial analysis in support of providing cost estimations in delivery of large-scale security programs and associated activities.

Ability to develop new portfolio solutions from concept to market (methodology development, marketing, sales/internal training, etc.)

Demonstrable experience in “soft” consultancy skills (i.e., deliverable generation, communications, executive level presentation development/delivery).

Experience and knowledge of security management frameworks in multiple industries such as finance, pharma, manufacturing, travel/transportation, retail or insurance.

Able to build information security documentation and convey complex information security topics in a simple, effective manner.

Information Security and regulatory compliance consultancy experience.

Working knowledge of common risk assessment frameworks/methodologies such as FAIR, OCTAVE, CRAMM, COBIT, NIST SP 800-30, ISRM, ISO 31000.

Working knowledge of common regulations and/or standards that affect IT security, such as HIPAA/HITECH, PCI, Sarbanes-Oxley, GLBA and GDPR.

Working knowledge of common IT Governance frameworks such as COBIT, ISO 20000, ITIL.

Cloud Security experience desirable.

Appreciation of trends in IT security, IT risk management, and security architecture.

Self-motivated individual who is keen to take ownership of allocated tasks and drive them to completion.

Key industry certifications such as CISSP, ISSAP, CISM, CRISC, CISA, CCSK, TOGAF certified Architect and CCSP are desirable.