Principal, Cybersecurity Architecture

Questrade Financial Group (QFG), through its companies - Questrade, Inc., Questrade Wealth Management Inc., Community Trust Company, ThinkInsure, Zolo, and Flexiti, provides securities and foreign currency investment, professionally managed investment portfolios, mortgages, insurance, real estate services, financial services and more. Questrade uses cutting-edge technologies to develop innovative products that give customers better, more affordable ways to take control of their money.

We are everything a traditional financial institution is not. At QFG, you will be constantly moving forward, bringing the future of fintech into existence. You will be a part of a collaborative team that cares deeply about our mission and each other. Your team members will help you conquer challenges, push boundaries and discover what you are truly capable of.

This is a place where you can explore, discover and learn with continuous growth. As a diverse and inclusive place to work, with a hybrid working environment you can unleash your creativity and curiosity with no limits. If you share the same sense of infinite possibility, come shape your future at QFG.

What’s in it for you as an employee of QFG?
• Health & wellbeing resources and programs

• Paid vacation, personal, and sick days for work-life balance

• Competitive compensation and benefits packages

• Work-life balance

• Career growth and development opportunities

• Opportunities to contribute to community causes

• Work with diverse team members in an inclusive and collaborative environment

We’re looking for our next Principal, Cybersecurity Architect. Could It Be You?
As an Application Security Architect, you will work in the CISO organization and report to the Manager of Cybersecurity Engineering. You will use your subject matter expertise to continuously enhance the organizational cybersecurity posture and architect security solutions that will minimize cybersecurity risk to our systems, information and customers in the highly regulated financial services industry. You will support engineering velocity in alignment with business priorities, enterprise risk appetite, information security policy and standards, cybersecurity strategy and target architecture. Your expertise will drive enhancements to the application security program and the enterprise S-SDLC.
Need more details? Keep reading…
In this role, you will use your application security subject matter expertise to:

• Design and formally document, using QFG-defined methodology, the security architecture of our line of businesses (journeys), products, and solutions

• Drive the design and implementation of new solutions that will enhance our security controls and support our existing and future financial service offerings and platforms

• Identify gaps, architect solutions and develop business cases with clear justifications and cost/benefit analyses for cybersecurity initiatives and annual budget planning

• Successfully communicate security risks, challenges and opportunities to leadership and internal stakeholders within engineering departments

• Utilize your strong interpersonal and consulting skills and work collaboratively with technology peers within the CISO and CIO organizations, including enterprise architecture, cloud engineering and infrastructure areas, to enhance our application security posture and offer security guidance and advisory services.

• Participate in threat risk assessments and IT change management initiatives to assess change-driven application security risks that are out of compliance with Information Security policy, cybersecurity standards or best practices and provide mitigation guidance

• Participate in the due diligence process to assess the application security posture of M&A targets, quantify the risk, suggest remediations and produce detailed reports

• Produce extensive high-quality documentation, architecture diagrams, and presentations and support the development of cybersecurity documentation, policies, standards, and procedures

• Utilize your knowledge in application security frameworks, guidelines and best practices such as NIST CSF & SSDF, OWASP SAMM, BSIMM and similars to identify gaps and drive S-SDLC improvements with the organization

So are YOU our next Principal, Cybersecurity Architect? You are if you have…
• 10+ years of combined cybersecurity experience on domains related to application security and security architecture

• Prior experience as enterprise/solutions architect, devops engineer or software engineering role

• Extensive knowledge of the S-SDLC, it’s underlying processes and demonstrable experience in all of the stages therein

• Extensive knowledge of application security concepts and practices, including threat modeling, designing and implementing secure application architectures, designing and implementing secure build and secure deploy infrastructure and processes

• Extensive knowledge of cloud computing concepts and solutions, including public, private, and hybrid cloud

• Proven experience architecting solutions for the cloud, with bonus points for Google Cloud experience

• Strong experience with microservices architectures, IaC, containers and Kubernetes environments

• Deep knowledge of defense-in-depth and zero-trust concepts in a cloud-native environment, e.g. applying authorization policies at gateways, sidecars and application layers, and trusted sub-zones

• Experience with performing security reviews and Threat Risk Assessments

• Possess relevant security, application security and security architecture certifications

• University/Community College Business Administration, Information Technology or Engineering degree/diploma (or equivalent) or equivalent work experience

• Excellent English communication skills (written and oral)

• Strong interpersonal skills with prior advisory or consulting background

• Self-driven with strong project management and coordination skills

• General experience with Generative AI and with agentic tools

Sounds like you? Click below to apply! #LI-Hybrid #LI-MM1

At Questrade Financial Group of Companies, with multiple office locations around the world, we are committed to fostering a diverse, inclusive and accessible work environment. This is an environment where individuals are treated with dignity and respect. Here, the unique skills and experience you bring will be valued. You will be supported and motivated, so that you can harness your unlimited potential. Our team reflects the diversity of the communities we serve and operate in. Having a collaborative and diverse team helps us push boundaries to bring the future of fintech into existence—not only for the benefit of our customers, but for those who build their career with us.

Questrade Financial Group of companies Applicant Tracking System utilizes artificial intelligence (AI) for application screening. The AI system operates on predetermined criteria, with final decisions subject to human review.

Candidates selected for an interview will be contacted directly. If you require accommodation during the recruitment/selection process, please let us know and we will work with you to meet your needs.