Jobs.ca
Jobs.ca
Language
THEMESOFT logo

Sr. Cyber Security Architect

THEMESOFT1 day ago
Vancouver, British Columbia, Canada
Senior Level
CONTRACTOR

About the role

Themesoft Inc. is a global IT solutions provider and a Woman‑Owned Minority Business Enterprise headquartered in Dallas, TX. With a strong presence across the US, Canada, India, Singapore, and Brazil, we specialize in digital transformation, consulting, and workforce solutions across diverse industries. We are currently looking for a tech-savvy and results-driven professional for one of our leading clients. If you’re passionate about technology and looking to grow in a dynamic, fast-paced environment, this could be the perfect fit for you.

Sr. Cyber Security Architect Onsite-Vancouver, B.C Long term Contract

About the Role We are seeking an experienced Senior Cyber Security Architect – GRC to lead and mature our governance, risk, and compliance program. This role sits at the intersection of security architecture and regulatory compliance, ensuring our control environment is not only audit-ready but architecturally sound and defensible against real-world threats. The ideal candidate has deep hands-on experience maintaining SOC 2 and ISO 27001 programs, running multi-framework audits, executing control testing, and managing third-party and internal technology risk — ideally within a fintech or regulated financial services environment subject to OSFI, FINTRAC, and/or BCFSA obligations.

Key Responsibilities Compliance Program Ownership

  • Own and maintain the organization's SOC 2 (Type I/II) compliance program, including control mapping, evidence collection, remediation tracking, and continuous readiness.
  • Own and maintain the ISO 27001 Information Security Management System (ISMS), including risk treatment plans, Statement of Applicability (SoA), internal audits, and surveillance/recertification audits.
  • Serve as the primary point of contact for external auditors, assessors, and certification bodies across multiple frameworks (SOC 2, ISO 27001, PCI-DSS, NIST CSF, etc.). Audit & Control Testing
  • Plan, coordinate, and support multi-framework compliance audits, ensuring consistent evidence and control narratives across overlapping requirements (control rationalization/harmonization).
  • Design and execute control testing programs (design and operating effectiveness) across technical, administrative, and physical controls.
  • Track findings, gaps, and management action plans through to remediation and closure; report status to leadership and audit committees. Risk Management
  • Lead Third-Party Risk Assessments (TPRA/TPRM) for vendors, partners, and critical service providers, including security questionnaires, contract/SLA review, and ongoing monitoring.
  • Conduct Internal Technology Risk Assessments (TRA) for new systems, applications, infrastructure changes, and architecture decisions prior to deployment.
  • Maintain the enterprise risk register; quantify and prioritize risks; present risk posture to senior stakeholders. Regulatory & Fintech Compliance
  • Ensure security and technology controls align with fintech regulatory obligations, including but not limited to: o OSFI (Office of the Superintendent of Financial Institutions) guidelines (e.g., B-13 Technology & Cyber Risk Management) o FINTRAC requirements related to technology controls supporting AML/CTF obligations o BCFSA and other applicable provincial/federal financial regulatory bodies
  • Monitor regulatory changes and translate them into actionable control and architecture requirements. Security Architecture
  • Provide architectural guidance to ensure compliance controls are embedded into system design (secure-by-design), not bolted on post-implementation.
  • Partner with engineering and infrastructure teams to design controls supporting Zero Trust, IAM, network segmentation, encryption, and secure cloud architecture (AWS/Azure/GCP).
  • Translate compliance requirements into technical control specifications and reference architectures. Stakeholder Engagement & Reporting
  • Prepare and present compliance, risk, and audit status reports to the CISO, executive leadership, and board/audit committee as needed.
  • Support development and maintenance of security policies, standards, and procedures aligned to applicable frameworks.
  • Act as a trusted advisor to business units on risk acceptance, exceptions, and compensating controls.

Required Qualifications

  • 7+ years of experience in cyber security, with at least 4+ years focused on GRC, security architecture, or compliance functions.
  • Demonstrated hands-on experience maintaining (not just achieving) SOC 2 and ISO 27001 certifications over multiple audit cycles.
  • Proven experience supporting multi-framework audits simultaneously (e.g., SOC 2 + ISO 27001 + PCI-DSS).
  • Strong background in control testing methodologies (sampling, evidence evaluation, design vs. operating effectiveness).
  • Direct experience conducting TPRA/TPRM and internal technology risk assessments.
  • Working knowledge of fintech regulatory frameworks — OSFI (B-10, B-13), FINTRAC, BCFSA, or equivalent regional financial regulatory obligations.
  • Solid understanding of security architecture principles (network, cloud, identity, application security).
  • Excellent communication skills with the ability to translate technical risk into business language for executive audiences.

Preferred Qualifications

  • Certifications: CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.
  • Experience with GRC tooling (e.g., ServiceNow GRC, Archer).
  • Prior experience in a fintech, payments, or federally regulated financial institution.
  • Familiarity with additional frameworks: NIST CSF/800-53, PCI-DSS, GDPR/PIPEDA.
  • Experience presenting to audit committees or boards.

What are the top 3 skills required for this role?

  1. Control Testing
  2. TPRA
  3. Compliance & Audit Regards,

Parthasarathy K Lead Recruiter Work: 972-474-8787 Ext: 306,Direct: 972-737-8607 Partha.k@themesoft.com Themesoft Inc |Themesoft Jobs

About THEMESOFT

Software Development
51-200
Founded in 2004

Dallas based, global IT Consulting and Creative Lab firm founded in Aug 2004, Themesoft is a leading provider of in house team, out of house team, or as a somewhere in between global partner. We manage client's information technology needs, refine and define clients digital strategy and create the digital media client's need to communicate their vision. Our success is measured in our client's successful realization of their vision and goals.

As a global IT Consulting and Creative Lab firm, we have the global perspective and the collaborative spirit. We take the time to understand our partner's culture, ideas and aspirations. This partnership approach allows us to take our partners farther than they ever dreamed possible.

Themesoft partners with all types of businesses from small bright idea start ups to industry leaders. Our portfolio of diverse and global companies teach us something new everyday.

Themesoft believes in constantly evaluating performance on every project and at the company level. We improve as we go and have committed to staying one step ahead of every curve. We truly believe that providing high level consultants and technology services requires that we maintain the same standards for ourselves.

We have 9 offices located in the United States, Canada, Singapore, and India.

Similar Jobs