Back to search
Themesoft Inc. Linkedin · Posted yesterday

Cyber Security Architect

Canada

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Role: Cyber Security Architect

Location: Vancouver, B.C



Responsibilities:


Compliance Program Ownership

  • Own and maintain the organization's SOC 2 (Type I/II) compliance program, including control mapping, evidence collection, remediation tracking, and continuous readiness.
  • Own and maintain the ISO 27001 Information Security Management System (ISMS), including risk treatment plans, Statement of Applicability (SoA), internal audits, and surveillance/recertification audits.
  • Serve as the primary point of contact for external auditors, assessors, and certification bodies across multiple frameworks (SOC 2, ISO 27001, PCI-DSS, NIST CSF, etc.).


Audit & Control Testing:

  • Plan, coordinate, and support multi-framework compliance audits, ensuring consistent evidence and control narratives across overlapping requirements (control rationalization/harmonization).
  • Design and execute control testing programs (design and operating effectiveness) across technical, administrative, and physical controls.
  • Track findings, gaps, and management action plans through to remediation and closure; report status to leadership and audit committees.


Risk Management:

  • Lead Third-Party Risk Assessments (TPRA/TPRM) for vendors, partners, and critical service providers, including security questionnaires, contract/SLA review, and ongoing monitoring.
  • Conduct Internal Technology Risk Assessments (TRA) for new systems, applications, infrastructure changes, and architecture decisions prior to deployment.
  • Maintain the enterprise risk register; quantify and prioritize risks; present risk posture to senior stakeholders.


Regulatory & Fintech Compliance:

  • Ensure security and technology controls align with fintech regulatory obligations, including but not limited to:
  • OSFI (Office of the Superintendent of Financial Institutions) guidelines (e.g., B-13 Technology & Cyber Risk Management)
  • FINTRAC requirements related to technology controls supporting AML/CTF obligations
  • BCFSA and other applicable provincial/federal financial regulatory bodies
  • Monitor regulatory changes and translate them into actionable control and architecture requirements.


Security Architecture:

  • Provide architectural guidance to ensure compliance controls are embedded into system design (secure-by-design), not bolted on post-implementation.
  • Partner with engineering and infrastructure teams to design controls supporting Zero Trust, IAM, network segmentation, encryption, and secure cloud architecture (AWS/Azure/GCP).
  • Translate compliance requirements into technical control specifications and reference architectures.


Stakeholder Engagement & Reporting:

  • Prepare and present compliance, risk, and audit status reports to the CISO, executive leadership, and board/audit committee as needed.
  • Support development and maintenance of security policies, standards, and procedures aligned to applicable frameworks.
  • Act as a trusted advisor to business units on risk acceptance, exceptions, and compensating controls.


Required Qualifications:

  • 7+ years of experience in cyber security, with at least 4+ years focused on GRC, security architecture, or compliance functions.
  • Demonstrated hands-on experience maintaining (not just achieving) SOC 2 and ISO 27001 certifications over multiple audit cycles.
  • Proven experience supporting multi-framework audits simultaneously (e.g., SOC 2 + ISO 27001 + PCI-DSS).
  • Strong background in control testing methodologies (sampling, evidence evaluation, design vs. operating effectiveness).
  • Direct experience conducting TPRA/TPRM and internal technology risk assessments.
  • Working knowledge of fintech regulatory frameworks — OSFI (B-10, B-13), FINTRAC, BCFSA, or equivalent regional financial regulatory obligations.
  • Solid understanding of security architecture principles (network, cloud, identity, application security).
  • Excellent communication skills with the ability to translate technical risk into business language for executive audiences.


Preferred Qualifications:

  • Certifications: CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.
  • Experience with GRC tooling (e.g., ServiceNow GRC, Archer).
  • Prior experience in a fintech, payments, or federally regulated financial institution.
  • Familiarity with additional frameworks: NIST CSF/800-53, PCI-DSS, GDPR/PIPEDA.
  • Experience presenting to audit committees or boards.


Required Skills:

  • Control Testing
  • TPRA
  • Compliance & Audit




Regards,

Praveen Kumar R (Praveen)

Talent Acquisition Group – Strategic Recruitment Manager

[email protected]| Themesoft Inc

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent