Senior Security Architect
Listed on 2026-07-05
-
IT/Tech
Cybersecurity, Data Security, Information Security, Cloud Computing: Infrastructure & Operations
Job Details
Permanent Full Time (Non-Union)
Posting StatusOpen to all current Town of Oakville employees and external applicants
Closing DateApplications for this position must be received at by no later than 11:59 p.m. on July 2, 2026.
Benefits- A hybrid work schedule
- A defined benefit pension plan (OMERS)
- Comprehensive health plan complemented with life and disability insurance
- A progressive work environment that promotes work/life balance and strives to be a great place for great people to do great things
Reporting to the Information Security Officer & Program Manager, the Senior Security Architect provides senior‑level expertise in the design, implementation, and governance of security architecture across the enterprise with an emphasis on protecting sensitive data, securing cloud platforms and workloads, and leading incident response (IR) execution and maturity. This role partners closely with application, infrastructure, risk/compliance, and business leaders to reduce security risk while enabling delivery speed and operational resilience.
DataSecurity
- Maintain and design the evolution of enterprise data security architecture, including verifying data classification, labeling, and handling standards.
- Define and govern controls for data‑in‑transit and data‑at‑rest encryption, key management, secrets management, and certificate strategy.
- Architect and implement data loss prevention (DLP) and data egress controls across endpoints, email/collaboration, SaaS, and cloud platforms.
- Establish secure access models, including least privilege and privileged access controls for data platforms.
- Design privileged access and least privileged patterns for data platforms (e.g., data warehouses/lakes, analytics platforms) including break‑glass access and approval workflows.
- Develop reference architectures for tokenization, masking, anonymization/pseudonymization, and privacy‑by‑design patterns aligned to regulatory requirements.
- Embed secure data lifecycle controls (collection, processing, sharing, retention, archival, disposal) across systems in collaboration with data management, records management, and application teams.
- Establish security requirements and review designs for new data use cases (APIs, integrations, analytics, AI/ML), focusing on lineage, access boundaries and misuse resistance.
- Lead security risk assessments of data‑centric systems and third parties; drive remediation planning and execution.
- Provide architecture guidance and guardrails that enable teams to execute quickly while meeting data protection obligations.
- Define and enforce secure data access patterns for AI‑enabled solutions, with a focus on tenant data isolation.
- Design controls to prevent data leakage and cross‑tenant exposure in systems leveraging generative or agentic AI.
- Evaluate how AI‑driven workflows interact with sensitive data and ensure alignment with enterprise data protection standards.
- Define security architecture patterns across cloud and on‑premises environments, including identity, network segmentation, workload isolation and secure service‑to‑service communication.
- Partner with infrastructure and application teams to implement baseline cloud controls including policy‑as‑code, secure landing zones, and standardized account/subscription structure.
- Architect cloud identity and access management (IAM) strategies, including federation, control access, RBAC, and privileged identity workflows.
- Design secure CI/CD and infrastructure‑as‑code pipelines with integrated security controls.
- Establish cloud threat modeling and secure design review practices for new services and significant changes.
- Drive cloud security posture management (CSPM) and vulnerability management, by defining remediation standards, exceptions and engineering playbooks.
- Ensure security, resiliency, and compliance requirements are built into cloud services (backup, recovery, encryption, key rotation and logging).
- Define future state security architecture and continuous improvements.
- Integrate emerging AI capabilities (e.g., agentic workflows) into cloud security architectures in a secure and scalable manner.
- Design and review identity and access…
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search: