Questrade Financial Group (QFG) of Companies is committed to helping our customers become much more financially successful and secure.We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, there are flexible working arrangements so you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at Questrade.What's it like working as a Principal Cybersecurity Architect at Questrade?As a Principal Cybersecurity Architect, you will work in the CISO organization and report to the Manager of Cybersecurity Engineering. You will use your subject matter expertise to continuously enhance the organizational cybersecurity posture and architect security solutions that will minimize cybersecurity risk to our systems, information and customers in the highly regulated financial services industry. You will support engineering velocity in alignment with business priorities, enterprise risk appetite, information security policy and standards, cybersecurity strategy and target architecture. Your expertise will drive enhancements to the application security program and the enterprise S-SDLC.Key Responsibilities:Design and formally document, using QFG-defined methodology, the security architecture of our line of businesses (journeys), products, and solutions.Drive the design and implementation of new solutions that will enhance our security controls and support our existing and future financial service offerings and platforms.Identify gaps, architect solutions and develop business cases with clear justifications and cost/benefit analyses for cybersecurity initiatives and annual budget planning.Successfully communicate security risks, challenges and opportunities to leadership and internal stakeholders within engineering departments.Utilize your strong interpersonal and consulting skills and work collaboratively with technology peers within the CISO and CIO organizations, including enterprise architecture, cloud engineering and infrastructure areas, to enhance our application security posture and offer security guidance and advisory services.Participate in threat risk assessments and IT change management initiatives to assess change-driven application security risks that are out of compliance with Information Security policy, cybersecurity standards or best practices and provide mitigation guidance.Participate in the due diligence process to assess the application security posture of M&A targets, quantify the risk, suggest remediations and produce detailed reports.Produce extensive high-quality documentation, architecture diagrams, and presentations and support the development of cybersecurity documentation, policies, standards, and procedures.Utilize your knowledge in application security frameworks, guidelines and best practices such as NIST CSF & SSDF, OWASP SAMM, BSIMM and similars to identify gaps and drive S-SDLC improvements with the organization.So are YOU our next Principal Cybersecurity Architect?You are if you…10+ years of combined cybersecurity experience on domains related to application security and security architecture.Prior experience as enterprise/solutions architect, devops engineer or software engineering role.Extensive knowledge of the S-SDLC, its underlying processes and demonstrable experience in all of the stages therein.Extensive knowledge of application security concepts and practices, including threat modeling, designing and implementing secure application architectures, designing and implementing secure build and secure deploy infrastructure and processes.Extensive knowledge of cloud computing concepts and solutions, including public, private, and hybrid cloud.Proven experience architecting solutions for the cloud, with bonus points for Google Cloud experience.Strong experience with microservices architectures, IaC, containers and Kubernetes environments.Deep knowledge of defense-in-depth and zero-trust concepts in a cloud-native environment, e.g. applying authorization policies at gateways, sidecars and application layers, and trusted sub-zones.Experience with performing security reviews and Threat Risk Assessments.Possess relevant security, application security and security architecture certifications.University/Community College Business Administration, Information Technology or Engineering degree/diploma (or equivalent) or equivalent work experience.Excellent English communication skills (written and oral).Strong interpersonal skills with prior advisory or consulting background.Self-driven with strong project management and coordination skills.Sounds like you? Click below to apply!At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.
#J-18808-Ljbffr