Security Architect - GCP and PCI-DSS Compliance
Location Address: Hybrid – Toronto – 2/3 days per week onsite (Tues + Thurs, subject to change)
Contract Duration: 6 months with high possibility of extension
Business group: This team functions under the “Cloud and Application Security Products & Strategy” umbrella and focuses mainly on architecture and strategy building.
Project: The contractor will work closely with Google engineers, cloud platform architects, security governance, cloud engineering, and other teams across the organization to architect/design security controls for the GCP platform that will be compliant with PCI-DSS. The role will drive the PCI DSS compliance of the bank’s cloud platforms.
This project is to design and implement PCI DSS controls on Google Compute Engine (GCE) and Google Cloud VMware Engine (GCVE) platforms. It is in its initial phases, and this project will run for about 12 months.
Must Have Skills:
1. 2+ years’ experience with PCI-DSS, controls design and implementation
2. 4+ years’ GCP security controls experience (services and products) – with demonstrated experience in GCE; OR 2+ years’ experience WITH GCP certification
3. 10+ years’ experience in IT Security
4. 4+ years’ experience in security controls architecting and solutioning
5. 4+ years’ experience with documenting design architecture and security requirements
Security certifications – one of these required: CISSP (1st preference), Google Professional Cloud Security Engineer (2nd preference), CCSP, CCSK
Nice-To-Have Skills:
1. Experience with deployment and managing IaaS, PaaS & SaaS solutions
2. GCVE experience
3. 4+ years’ experience in the financial industry
4. Knowledge of/exposure to infrastructure as code (IaC)
TOGAF or SABSA certification an asset
Best vs. Average Candidate:
The ideal candidate is a strong Security Solutions Architect with recent GCP security controls experience who would be able to demonstrate design and architecture skills. They would also be able to demonstrate strong communication capability, including verbal and deck presentations to senior leadership, management, and executive audiences. The ability to learn quickly will be a great asset. PCI-DSS and GCP are central.
Candidate Review & Selection
2 Rounds of Interviews
1st – MS Teams Video – 1 hour – with HM – technical interview, checking knowledge and experience, scenario questions
2nd – potentially in person (TBD during holidays), if not, over video – 30 minutes – with HM and Director – culture fit and to meet in person