Our client is seeking a Security Architect to strengthen and evolve their cybersecurity posture across on-prem and hybrid cloud environments. This hands-on technical leader will design and guide implementation of security controls aligned with CISSP domains, helping to drive enterprise security strategy, architecture, and operations.
This is a high-impact role requiring deep domain knowledge, cross-functional collaboration, and the ability to operate in a complex municipal environment with political sensitivity and legacy infrastructure. The Security Architect will work closely with the CISO and key stakeholders to provide expert guidance, reduce risk, and improve resiliency across the organization.
Key Responsibilities:
- Design and evolve enterprise-wide security architecture across cloud, on-premises, SaaS, and hybrid environments
- Conduct threat modeling, gap assessments, and risk evaluations across networks, applications, and systems
- Guide IAM initiatives including privileged access, RBAC, and conditional access policies
- Collaborate with SOC and infrastructure teams to monitor vulnerabilities, support SIEM tuning, and lead risk remediation efforts
- Provide architectural oversight across firewall configurations, DMZ segmentation, secure routing, and VPN design
- Work with internal and external SOC teams (e.g., Arctic Wolf) to monitor vulnerabilities, tune SIEM, and enhance threat detection and response
- Support the separation and restructuring of legacy networks
- Ensure alignment with best practices in data protection, including encryption, backup/recovery, and DLP controls
- Develop and maintain security reference architectures, implementation roadmaps, and policies aligned with NIST 800-53, ISO 27001, and CIS Controls
- Act as an internal advisor across projects and infrastructure changes, with occasional involvement in post-incident planning
- Evaluate and select security technologies and tools (e.g., Palo Alto, Cisco, Azure Security, Sentinel, Defender)
Technical Environment (Security-Focused):
- SIEM & Monitoring: Microsoft Sentinel, Arctic Wolf
- Vulnerability Management: Tenable
- Endpoint & Threat Protection: Microsoft Defender Suite
- Identity & Access Management: Azure AD, Conditional Access, MFA, PAM
- Network Security: Palo Alto (limited in-house knowledge), Cisco, routing, segmentation, DMZs
- Cloud & Hybrid Environment: Azure IaaS/SaaS, M365, mixed on-prem/cloud application landscape
- Awareness & Training: KnowBe4
- Data Centres: 3 physical sites with partial mapping; primarily on-prem infrastructure
Required Qualifications:
- Minimum Certification: CISSP
- 8+ years of progressive cybersecurity experience, with at least 3 years as a Security Architect
- Strong working knowledge of CISSP domains: Security Architecture & Engineering, IAM, Security Operations, Network Security, Software Development Security, and Risk Management
- Proven experience in municipal or public-sector environments (preferred)
- Excellent communication and stakeholder management skills, with the ability to influence without formal authority
- Comfortable working independently, navigating internal politics, and acting as a strategic advisor