Cyber Security Architect
Indexed description
Role: Cyber Security Architect
Location: Vancouver, B.C
Responsibilities:
Compliance Program Ownership
- Own and maintain the organization's SOC 2 (Type I/II) compliance program, including control mapping, evidence collection, remediation tracking, and continuous readiness.
- Own and maintain the ISO 27001 Information Security Management System (ISMS), including risk treatment plans, Statement of Applicability (SoA), internal audits, and surveillance/recertification audits.
- Serve as the primary point of contact for external auditors, assessors, and certification bodies across multiple frameworks (SOC 2, ISO 27001, PCI-DSS, NIST CSF, etc.).
Audit & Control Testing:
- Plan, coordinate, and support multi-framework compliance audits, ensuring consistent evidence and control narratives across overlapping requirements (control rationalization/harmonization).
- Design and execute control testing programs (design and operating effectiveness) across technical, administrative, and physical controls.
- Track findings, gaps, and management action plans through to remediation and closure; report status to leadership and audit committees.
Risk Management:
- Lead Third-Party Risk Assessments (TPRA/TPRM) for vendors, partners, and critical service providers, including security questionnaires, contract/SLA review, and ongoing monitoring.
- Conduct Internal Technology Risk Assessments (TRA) for new systems, applications, infrastructure changes, and architecture decisions prior to deployment.
- Maintain the enterprise risk register; quantify and prioritize risks; present risk posture to senior stakeholders.
Regulatory & Fintech Compliance:
- Ensure security and technology controls align with fintech regulatory obligations, including but not limited to:
- OSFI (Office of the Superintendent of Financial Institutions) guidelines (e.g., B-13 Technology & Cyber Risk Management)
- FINTRAC requirements related to technology controls supporting AML/CTF obligations
- BCFSA and other applicable provincial/federal financial regulatory bodies
- Monitor regulatory changes and translate them into actionable control and architecture requirements.
Security Architecture:
- Provide architectural guidance to ensure compliance controls are embedded into system design (secure-by-design), not bolted on post-implementation.
- Partner with engineering and infrastructure teams to design controls supporting Zero Trust, IAM, network segmentation, encryption, and secure cloud architecture (AWS/Azure/GCP).
- Translate compliance requirements into technical control specifications and reference architectures.
Stakeholder Engagement & Reporting:
- Prepare and present compliance, risk, and audit status reports to the CISO, executive leadership, and board/audit committee as needed.
- Support development and maintenance of security policies, standards, and procedures aligned to applicable frameworks.
- Act as a trusted advisor to business units on risk acceptance, exceptions, and compensating controls.
Required Qualifications:
- 7+ years of experience in cyber security, with at least 4+ years focused on GRC, security architecture, or compliance functions.
- Demonstrated hands-on experience maintaining (not just achieving) SOC 2 and ISO 27001 certifications over multiple audit cycles.
- Proven experience supporting multi-framework audits simultaneously (e.g., SOC 2 + ISO 27001 + PCI-DSS).
- Strong background in control testing methodologies (sampling, evidence evaluation, design vs. operating effectiveness).
- Direct experience conducting TPRA/TPRM and internal technology risk assessments.
- Working knowledge of fintech regulatory frameworks — OSFI (B-10, B-13), FINTRAC, BCFSA, or equivalent regional financial regulatory obligations.
- Solid understanding of security architecture principles (network, cloud, identity, application security).
- Excellent communication skills with the ability to translate technical risk into business language for executive audiences.
Preferred Qualifications:
- Certifications: CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.
- Experience with GRC tooling (e.g., ServiceNow GRC, Archer).
- Prior experience in a fintech, payments, or federally regulated financial institution.
- Familiarity with additional frameworks: NIST CSF/800-53, PCI-DSS, GDPR/PIPEDA.
- Experience presenting to audit committees or boards.
Required Skills:
- Control Testing
- TPRA
- Compliance & Audit
Regards,
Praveen Kumar R (Praveen)
Talent Acquisition Group – Strategic Recruitment Manager
[email protected]| Themesoft Inc
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search