Security Architect

Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.

We are looking for a Security Architect who will come in and define and oversee the implementation of strategic cyber security capabilities through contributing to target architecture and roadmaps and working with others to embed ‘security by design’ and ‘privacy by design’ into all projects.

Come join our team!

What you'll do:

• Maintain, embed and support development of security enterprise architecture assets ( Principles, Requirements, Target Architectures, Standards, and Roadmaps) in solutions

• Work with business and IT change project managers and solution architects to set projects up for success by driving alignment to principles and standards

• Work with technical and business partners to provide direction and drive issue resolution - providing analysis, identifying key decisions, and capturing next steps or plan for issue resolution.

• Lead or support strategic design reviews at key points of the project lifecycle to identify any risks or capability gaps that need addressing

• Support architecture governance using CISO and Group Architecture governance processes and board structures

• Provide ad-hoc reports, viewpoints and white papers to respond to management questions, project issues etc.

• Information Protection: Data discovery, labelling & classification, data monitoring & data loss prevention, rights management

• Security Management Services: Security monitoring, event correlation and user behaviour analytics, vulnerability management, risk management, and threat intelligence

• Application & Database Security: SDLC tooling incl. code scanning solutions, Database firewall & activity monitoring, application secrets management

• Leading the requirements and direction for Infrastructure Security Domains provided by Infrastructure & Operations:

• Identity & Access Management: RBAC, recertification, federation, key & certificate management, conditional and posture-based access, MFA incl. biometric, privileged access management

• Infrastructure protection: Signature and advanced anti-malware, endpoint lockdown, network security incl. gateways and IDS/IPS, infrastructure patching, build and patch compliance Risk & Controls

• Identify, own and manage the specific key risks and/or IT controls and BP standards that you are identified as the owner and/or nominee for on iCARE or Archer. Ensure that issues and actions associated to controls / risks are remediated in a timely manner. Maintain appropriate records on iCARE or Archer . Ensure that controls are sufficiently well designed and operating effectively to keep the risks that they mitigate within Aviva's tolerance level

• Accountable for solving problems and dealing with difficulties in line with policy, process and other guidelines applying technical knowledge and expertise

• Depending on the nature of the specific role, problems can range from repetitive daily issues to complex technical problems requiring significant expertise: able to make complex architectural decisions (for ratification by CISO & CIO boards) using conceptual, logical and physical views

• Accountable for road map development that supports planning and optimisation of complex projects/programmes that will impact multiple markets

• Take personal initiative in adapting to change Internal Collaboration

• Build effective working relationships across aligned CISO and IT teams associated with owned Security Architecture domain.

• Build effective working relationships across relevant teams in external suppliers, through communities, conferences and forums using industry awareness, methods and techniques for the benefit of Aviva Timeframe

What you'll bring:

• Educated to Degree level (or equivalent) preferably in Technology or Information Security

• Professional qualification in Information Security e.g. Certified Information Systems Security Professional (CISSP) or similar

• Professional qualification in Architecture Development methods (e.g. TOGAF)

• Have demonstrable, well grounded experience in an information security field including key technologies and use of key Information Security Frameworks (e.g. ISF, NIST, ISO)

• Experience of operating and engaging with senior management

• Experience of operating in a home team, and in virtual teams aligned to Domains and Projects

• Be adept at identifying and addressing emerging domain trends and articulating considerations, impacts and future decisions

What you’ll get:

• The salary band for this position ranges from $107,700 to $200,100. Please note that individual salary is determined by factors such as job-related knowledge, skills and experience, as well as internal equity.

• Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.

• Outstanding Career Development opportunities.

• We’ll support your professional development education.

• Competitive vacation package with the option to purchase 5 extra days off per year

• Employee driven programs focused on gender, LGBTQ+, origins, diversity and inclusion

• Corporate wellness programs to support our employees’ physical and mental health

• Hybrid flexible work model

Please note that we may use AI tools to help us through the recruitment process. This is a new position which has been posted both internally & externally.

Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.