Our client is proud to be considered internationally as one of the most successful transport and logistics companies. Their commitment is to create value for customers and shareholders by deepening customer engagement, leveraging the strength of their franchise and ensuring operational and service excellence. Our client’s network penetrates deep into resource-rich, manufacturing-intensive regions to bring raw materials, intermediate products and finished goods to market.
The incumbent evaluates cloud computing solutions, configurations and designs against security requirements and defines the cyber security reference architectures and standards for all enterprise cloud computing environments. It also participates in the definition of DevSecOps architecture practices, secure development training and process evaluation.
Practices in cloud security and DevSecOps architecture:
- Implement the appropriate cloud security architecture controls to manage security risk while enabling the enterprise to use technology systems such as service-oriented architectures, cloud technologies and containers, advanced analytics, AI, Internet of Things, network infrastructure and mobile technologies;
- Ensure that the cloud security architecture is easy to maintain, sustainable and well documented;
- Establish and maintain a relevant, current, valid, and reliable cloud security architecture team knowledge base to leverage the current cyber security infrastructure and process, as required, and define configuration standards while supporting the digital transformation of the I&T environment;
- Facilitate important decisions regarding cloud computing architecture and technologies;
- Foster the achievements and skills of the Security team by planning solution delivery, answering questions from less experienced team members on technical and procedural issues, teaching improved processes, and mentoring team members;
- Ensures that security designs are well documented, such as established architectures and business processes, using clear diagrams and well-written documentation.
- Ensures that security designs are well documented, such as established architectures and business processes, using clear diagrams and well-written documents:
- Work in collaboration with the CIO, the Senior Director of Cloud Security and DevSecOps Architecture, the Cyber Security Team, Portfolio Directors, other architects and the I&T branch to understand the direction of the business and its impact on the level of security;
- Define the appropriate action plan and investment strategy by writing business cases and security roadmaps;
- Leverage the cloud computing ecosystem to understand the capabilities and limitations to improve the security of current products and help select the right partners;
- Leverage the ecosystem of cyber security solution providers to understand capabilities and options for compensating for controls and reducing risk to help select partners that will fit into the overall architecture;
- Monitor and evaluate the environment on an ongoing basis through self-assessments and independent security assessments. Provides management with the means to identify gaps and inefficiencies and initiate improvement actions through security roadmaps and strategies.
- At least 12 years of overall work experience;
- At least 8 years of I&T experience;
- Minimum of 5 years experience in cloud security architecture;
- Proven experience implementing structured problem solving approaches in large, geographically dispersed organizations operating 24/7;
- Experience with multi-cloud platforms including AWS, Azure and Google Cloud Platform is an asset;
- Experience with Agile and DevOps methodologies is an asset;
- Experience in rail, transportation or general industry is a strong asset.
- Training, certifications and designation :
- Bachelor’s degree in computer science, computer engineering, electrical engineering, systems analysis or other related field;
- At least one recognized certification in cloud security: e.g., Certified Information Systems Security Professional (CISSP), Certificate of Cloud Security Knowledge (CCSK), Certified
- Cloud Security Professional (CCSP), GIAC Cloud Security Automation (GCSA), etc;
- Architectural certifications (TOGAF, Zachman, CISSP-ISSAP, etc.), an asset.
- Ability to define and organize a security architecture appliance using reusable elements: trends, services, components, capacity models, etc..;
- Demonstrated ability to understand the security implications of complex business activities and how these activities relate to technology solutions that mitigate risk and drive business;
- Ability to establish clear security requirements based on vaguely articulated needs;
- Ability to interact with a large number of staff to explain and implement security measures;
- Excellent oral and written communication skills;
- Attention to detail, autonomy and a high level of personal commitment and motivation;
- Ability to prioritize tasks and work in a highly dynamic environment.
- Technical Skills/ Knowledge :
- Strong knowledge of the processes, methods, tools and techniques used to create large private and public cloud computing systems;
- Knowledge of standards, regulations and legislation governing information security, e.g. NIST, ISO 27001, OWASP;
- Knowledge of general IT security technologies and architectures: Service oriented architectures, mobile technologies including mobile device management, data-driven design, advanced analytics, AI, identity and access management lifecycles, digital forensics, terminal encryption, encryption key management, database security, enterprise directory services, intrusion detection system, intrusion prevention system, next-generation firewalls, application firewalls, password vaults, SaaS/PaaS/IaaS cloud security, security information and event management (SIEM), etc. , an asset;
- Understanding of API security, an asset;
- Knowledge of container security, particularly Kubernetes, an asset.
Associée / Consultante sénior
514-658-JUMP (5867) poste 202