Lead Security Architect
About the role
At FSRA, our vision is to ensure financial safety, fairness, and choice for Ontarians. As a financial services regulator, we’re passionate about protecting consumers. Our principles-based approach means we can quickly and effectively respond to the changing needs of consumers and the industry.
Our team combines industry expertise with commitment to public service. We attract individuals who are interested in meaningful work and who measure success through outcomes, not inputs.
At FSRA, we invest in the personal and professional growth of our team. We offer a competitive compensation package that includes an employer-matched defined benefit pension plan, comprehensive and competitive benefits plan, a hybrid work model and flexible work arrangements. We prioritise learning and development, wellbeing, diversity, equity, inclusion and belonging, and community giving.
Join FSRA and help us shape the future of regulation for generations to come!
Job Description: *Note - This is a temporary role for approximately 18 months*
Purpose of Position
The Lead Security Architect will work with IT teams, business teams, compliance teams, AI teams and vendor partners to design and implement secure systems and infrastructure aligning with business objectives/goals, regulatory requirements and industry best practices as part of FSRA’s digital transformation effort.
The Lead Security Architect will ensure security requirements are embedded across the existing and modernized technology stack, including cloud platforms, DevSecOps pipelines, and enterprise applications, so that sensitive data and systems remain protected from cyber threats.
Key Responsibilities
The Lead Security Architect ensures that information security strategies and technologies align with organizational goals, regulatory requirements, and industry best practices through the following responsibilities:
- Develops and maintains the overall enterprise security architecture and patterns for cloud and hybrid applications, networks, containers, and infrastructure, including designing security solutions, establishing security standards, and creating security roadmaps and ensuring alignment with industry standards, regulatory and compliance requirements, and FSRA’s business and IT strategies.
- Leads end-to-end projects related to security risk identification, assessments, security architecture reviews, and threat modeling activities for new and existing systems to mitigate security risks, and develop incident response plans.
- Defines and maintains security standards for secure software development at FSRA; develops and recommends short- and long-term security standards and strategies, providing expertise to executive and front-line management.
- Integrates security controls into CI/CD pipelines using DevSecOps best practices.
- Collaborates with AI/ML and data science teams to integrate security into the AI product lifecycle.
- Provides subject matter expertise, guidance and strategic advice to internal and external stakeholders, including business and IT colleagues to guide the implementation of security frameworks, enable security management and provide recommendations for effective governance.
- Leads consultations / collaborations with enterprise architects, IT, business, and compliance teams to implement effective security governance ensuring FSRA adheres to relevant security regulations, policies, and industry best practices; leads consultations and project status meetings to provide updates, discuss risk and mitigation security strategies.
- Defines and enforces secure coding standards and practices across development teams through mentorship, training, and testing.
- Evaluates and implements application security tools for SAST, DAST, and SCA for continuous identification, remediation, and reporting of software vulnerabilities. Integrates application security tools with other enterprise tools such as SIEM, IAM, ITSM, etc.
- Responds to emerging threats by adjusting security architecture and guiding incident response planning.
- Works with stakeholders across the organization, including IT teams, business units, and management, to ensure alignment and understanding of security requirements.
- Prepares reports and delivers presentations to senior management, providing technical direction to teams and management related to complex security issues.
Qualifications
Education
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Technology, or related field - or a combination of education, training and experience deemed equivalent.
- Professional certifications such as CISSP, CISA, CISM, SABSA, CCSP, Azure Security Engineer.
Experience
- 7+ years of progressive experience in cybersecurity, with at least 3 years focused on security architecture, including identifying, assessing, and mitigating security risks.
- Experience working in a regulatory agency or with a regulated financial organization is an asset.
Technical/Core Skills
- In-depth knowledge of on-prem and cloud-based technology platforms such as firewalls, operating systems, databases, containers, web services, data lakes, etc.
- Demonstrated expertise in cybersecurity with the ability to foster security awareness across technical functions and businesses, with proven application of end-to-end cybersecurity architecture.
- Advanced experience with enterprise IT processes such as patch management, release management, identity and access management, change management, etc.
- In-depth knowledge of, and experience with, enterprise security standards and frameworks (e.g., SABSA, NIST CSF, ISO 27001, PCI DSS, PIPEDA, CIS, OWASP), cloud security, application security, and security architecture principles.
- Proven knowledge and currency with emerging threats and technologies and proficiency with security concepts and technologies (e.g., SBOM, zero-trust, disaster recovery, extended detection & response, application security posture management, identity threat detection & response, quantum cryptography, encryption, cloud-native security tools, vulnerability scanners, SAST tools, DAST tools).
- Strategic influencing skills to present information, insights and recommendations to senior leadership on issues related to security standards, risks, strategies and implementation.
- Demonstrated analytical and strategic thinking skills, with the ability to synthesize information from multiple sources to determine inter-relationships and security impacts to FSRA’s IT and business, and to conduct incident investigation, forensic data analysis, and threat identification.
- Proficiency in security tools, forensic analysis, and incident detection and response technologies.
- Proven communication, consultative and advisory skills to act as a lead security resource, with the ability to communicate complex technical information to both technical and non-technical audiences while clearly articulating risk to the business.
- Proven project management skills to manage corporate and cross-program security projects and initiatives.
*Please note that this position will close at 11:59PM on September 4, 2025*
Job Posting End Date: 09/04/2025
Job postings close at 11:59pm on the date noted.
Compensation Grade: Grade 07-AMAPCEO
Compensation Range: $88,496.00 - $128,625.00
Bargaining Unit: AMAPCEO
Job Code: 7A001F
Employment Type: Fixed Term (Fixed Term)
Scheduled Weekly Hours: 36.25
FSRA is committed to ensuring equity in employment. Our goal is to create a diverse, inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals. Accommodation is available under the Ontario Human Rights Code. NOTE: ONLY QUALIFIED CANDIDATES WILL BE CONSIDERED
About Financial Services Regulatory Authority of Ontario (FSRA)
The Financial Services Regulatory Authority of Ontario (FSRA) is a new, independent regulatory agency created to improve consumer and pension plan beneficiary protections in Ontario.
FSRA was established to replace the Financial Services Commission of Ontario (FSCO) and the Deposit Insurance Corporation of Ontario (DICO). The agency is flexible, self-funded and designed to respond rapidly to an evolving commercial and consumer environment. In this capacity, FSRA will:
- Promote high standards of business conduct
- Foster a sustainable, competitive financial services sector
- Respond to market changes quickly
- Promote good administration of insurance and pension plans
- Encourage innovation
The newly created agency protects Ontarians by regulating:
- Property and casualty insurance
- Life and health insurance
- Credit unions and caisses populaires
- Loan and trust companies
- Mortgage brokers
- Health services providers (related to auto insurance)
- Pension plan administrators
- Financial planners and advisors
For more information, visit www.fsrao.ca