Posting Title: Information Security Architect

Job ID #: 7762

Salary: $134,668 - $157,176

Shift: Days

Hours: 35.00

Location: 40 College St – Toronto Police Service Headquarters

Department: IT Risk Management

Vacancies: 1

Job Code: A13ACA

Opening Date: February 5, 2026

Must Apply By: February 20, 2026

The Toronto Police Service is looking for a candidate that shares our core values:

Service at our Core – Do the right thing – Connect with Compassion – Reflect and Grow

The Toronto Police Service is the fourth largest municipal police service in North America. With over 5,000 officers and approximately 2,500 civilian employees, we are dedicated to delivering best-in-class police services, in partnership with our communities, by being where the public needs the Service the most, by embracing partnerships to create safe communities, and by focusing on the needs of the City.

NOTE: To apply to this role, please apply online via our Toronto Police Service careers website and click on Civilian Roles.

The Opportunity:

Join the Toronto Police Service as an Information Security Architect within our IT Risk Management Unit. This is a rare opportunity to apply your expertise to systems that directly support public safety, critical operations, and the protection of sensitive information.

We are looking for a forward‑thinking security professional who thrives in complex environments and is motivated by meaningful work. In this role, you will shape the security architecture that underpins a modern, technology‑driven Police Service—designing resilient systems, strengthening our cybersecurity posture, and ensuring our members and communities are protected.

If you are passionate about security architecture, eager to tackle evolving cyber threats, and ready to influence enterprise‑level decisions with real‑world impact, we’d love to have you on our team.

What can I expect to do in this role?

In this role, you will conceptualize designs, procure, and/or build secure information technology (IT) systems, with responsibility for aspects of system and/or network development. You will develop system concepts and work on the capabilities in phases of the systems development life cycle, translating technology and environmental conditions (e.g., law and regulation) into system and security designs and processes. You will also ensure that the stakeholder security requirements necessary to protect the organization’s mission and business processes are adequately addressed in all aspects of enterprise architecture including policies, standards, reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. Furthermore, you will provide technical expertise and guidance to TPS personnel/end users regarding IT systems security in all aspects of enterprise architecture.

Duties and Responsibilities:

• Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
• Analyze candidate architectures, allocate security services, and select security mechanisms.
• Develop a system security context, define baseline cybersecurity requirements and corresponding system security requirements, and provide guidance and inputs to system security operations.
• Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in the acquisition documents.
• Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
• Participate in security incident response process, identify gaps, and plan architecture changes to address them. Possible on-call duties to provide immediate response to security incidents.
• Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recovery/restoration.
• Identify and prioritize critical business functions in collaboration with organizational stakeholders; Collect and document the essential system capabilities or business functions in priority for partial or full system restoration after a catastrophic failure event.
• Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for processing multiple classification levels of data applicable to the TPS.
• Document and address the organization’s information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
• Advise on the implementation of secure configuration management processes.
• Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization’s cybersecurity architecture guidelines.
• Perform or manage security reviews, identify gaps in security architecture, and develop a security risk management plan.
• Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
• Assess and design security management functions in various IT processes (e.g. release management, patch management) as related to cyberspace.
• Work on all aspects of enterprise architecture, including requirements management, architecture development, and architecture artifacts (e.g. policies, standards, reference models) maintenance.
• Translate proposed capabilities to technical requirements.
• Provide advice on project costs, design concepts, or design changes.
• Provide input to risk management framework, processes, activities, and related documentation.
• Performs any other related duties and tasks as directed by the Manager of IT Risk Management.

Education/Experience:

• A four (4) year Bachelor’s degree in computer related programs, combined with a minimum of 10 years of working experience within the field of IT Security Architecture, or an equivalent combination of education, certification, training, and professional experiences.
• A ISC2 ISSAP or CISSP certification is preferred

Skills/Competencies:

• Thorough knowledge of cybersecurity and privacy principles, industry best practices, security protocols and standards; Experience in applying this knowledge to the development of organization requirements and system designs (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Thorough knowledge of cyber threats and system vulnerabilities, and experience in conducting Threat and Risk Assessment (TRA), penetration testing, and vulnerability scans.
• Experience in conducting and/or managing enterprise-level security reviews and maturity assessments.
• Hands-on experience in applying methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise IT architecture by following a framework such as TOGAF, Zachman, DoDAF, etc.
• Substantial technical knowledge in building and implementing security components and measures at application, networks, infrastructure, and information layers for different organizational and system requirements. These security components and measures include, but are not limited to, demilitarized zones (DMZ), firewalls and gateways, intrusion detection/prevention systems (IDS/IPS), endpoint protection systems (EDR), extended detection and response systems (XDR), authentication/authorization/audit/policy enforcement, directory services (e.g. AD, DNS), data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, data encryption at different states, anti-tampering techniques, fault tolerance techniques.
• Hands-on experience in security configuration, customization, and coding for IT platforms and products (e.g. Azure cloud services, network infrastructure, security products, etc.)
• Strong knowledge of authentication, authorization, network access, identity and access controls (e.g. MFA, PKI, OAuth, OpenID, SAML, SPML, NTLM, Kerberos.
• Strong knowledge of cyber defense and vulnerability assessment tools and their capabilities.
• Strong knowledge of computer and encryption algorithms; cryptography and cryptographic key management concepts.
• Knowledge of computer networking concepts and protocols (e.g. Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI]); and network security methodologies.
• Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware.
• Knowledge of risk management processes (e.g. methods for assessing and mitigating risk).
• Knowledge of configuration management processes and techniques.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of IT service management concepts for networks and related standards (e.g. Information Technology Infrastructure Library, current version [ITIL]).
• Great conceptualization, analytical, and problem-solving skills.
• Great ability to understand the organization’s goals, strategies, and priorities; and adaptability to align IT security initiatives.
• Enthusiasm and practical approach in tracking information technology trends and new/emerging cybersecurity technology.

Probation Period:

6 months

Contact:

Lisa Petko, A/ Senior Talent Acquisition Advisor

Talent Acquisition

Email: Lisa.Petko@tps.ca

Notes:

• Competencies may be measured through various selection tools such as test(s) and/or interview.
• All applicants who meet the qualifications of the position are invited to submit an online application for this vacancy
• We thank all applicants for their interest. Once your application has been successfully submitted, you will receive an e-mail confirmation within 24 hours
• Only those selected for further consideration will be contacted