Sr. Cyber Security Architect
Themesoft Inc.
Themesoft Inc. is a global IT solutions provider and a Woman‑Owned Minority Business Enterprise headquartered in Dallas, TX. With a strong presence across the US, Canada, India, Singapore, and Brazil, we specialize in digital transformation, consulting, and workforce solutions across diverse industries.
We are currently looking for a tech-savvy and results-driven professional for one of our leading clients. If you’re passionate about technology and looking to grow in a dynamic, fast-paced environment, this could be the perfect fit for yo u.
Sr. Cyber Security Architect
Onsite-Vancouver, B.C
Long term Contract
About the Role
We are seeking an experienced Senior Cyber Security Architect – GRC to lead and mature our governance, risk, and compliance program. This role sits at the intersection of security architecture and regulatory compliance, ensuring our control environment is not only audit-ready but architecturally sound and defensible against real-world threats. The ideal candidate has deep hands-on experience maintaining SOC 2 and ISO 27001 programs, running multi-framework audits, executing control testing, and managing third-party and internal technology risk — ideally within a fintech or regulated financial services environment subject to OSFI, FINTRAC, and/or BCFSA obligations.
Key Responsibilities
Compliance Program Ownership
• Own and maintain the organization's SOC 2 (Type I/II) compliance program, including control mapping, evidence collection, remediation tracking, and continuous readiness.
• Own and maintain the ISO 27001 Information Security Management System (ISMS), including risk treatment plans, Statement of Applicability (SoA), internal audits, and surveillance/recertification audits.
• Serve as the primary point of contact for external auditors, assessors, and certification bodies across multiple frameworks (SOC 2, ISO 27001, PCI-DSS, NIST CSF, etc.).
Audit & Control Testing
• Plan, coordinate, and support multi-framework compliance audits, ensuring consistent evidence and control narratives across overlapping requirements (control rationalization/harmonization).
• Design and execute control testing programs (design and operating effectiveness) across technical, administrative, and physical controls.
• Track findings, gaps, and management action plans through to remediation and closure; report status to leadership and audit committees.
Risk Management
• Lead Third-Party Risk Assessments (TPRA/TPRM) for vendors, partners, and critical service providers, including security questionnaires, contract/SLA review, and ongoing monitoring.
• Conduct Internal Technology Risk Assessments (TRA) for new systems, applications, infrastructure changes, and architecture decisions prior to deployment.
• Maintain the enterprise risk register; quantify and prioritize risks; present risk posture to senior stakeholders.
Regulatory & Fintech Compliance
• Ensure security and technology controls align with fintech regulatory obligations, including but not limited to:
o OSFI (Office of the Superintendent of Financial Institutions) guidelines (e.g., B-13 Technology & Cyber Risk Management)
o FINTRAC requirements related to technology controls supporting AML/CTF obligations
o BCFSA and other applicable provincial/federal financial regulatory bodies
• Monitor regulatory changes and translate them into actionable control and architecture requirements.
Security Architecture
• Provide architectural guidance to ensure compliance controls are embedded into system design (secure-by-design), not bolted on post-implementation.
• Partner with engineering and infrastructure teams to design controls supporting Zero Trust, IAM, network segmentation, encryption, and secure cloud architecture (AWS/Azure/GCP).
• Translate compliance requirements into technical control specifications and reference architectures.
Stakeholder Engagement & Reporting
• Prepare and present compliance, risk, and audit status reports to the CISO, executive leadership, and board/audit committee as needed.
• Support development and maintenance of security policies, standards, and procedures aligned to applicable frameworks.
• Act as a trusted advisor to business units on risk acceptance, exceptions, and compensating controls.
Required Qualifications
• 7+ years of experience in cyber security, with at least 4+ years focused on GRC, security architecture, or compliance functions.
• Demonstrated hands-on experience maintaining (not just achieving) SOC 2 and ISO 27001 certifications over multiple audit cycles.
• Proven experience supporting multi-framework audits simultaneously (e.g., SOC 2 + ISO 27001 + PCI-DSS).
• Strong background in control testing methodologies (sampling, evidence evaluation, design vs. operating effectiveness).
• Direct experience conducting TPRA/TPRM and internal technology risk assessments.
• Working knowledge of fintech regulatory frameworks — OSFI (B-10, B-13), FINTRAC, BCFSA, or equivalent regional financial regulatory obligations.
• Solid understanding of security architecture principles (network, cloud, identity, application security).
• Excellent communication skills with the ability to translate technical risk into business language for executive audiences.
Preferred Qualifications
• Certifications: CISSP, CISA, CISM, CRISC, or ISO 27001 Lead Auditor/Implementer.
• Experience with GRC tooling (e.g., ServiceNow GRC, Archer).
• Prior experience in a fintech, payments, or federally regulated financial institution.
• Familiarity with additional frameworks: NIST CSF/800-53, PCI-DSS, GDPR/PIPEDA.
• Experience presenting to audit committees or boards.
What are the top 3 skills required for this role?
1. Control Testing
2. TPRA
3. Compliance & Audit
Regards,
Parthasarathy K
Lead Recruiter
Work: 972-474-8787 Ext: 306,Direct: 972-737-8607
***email_hidden***
Themesoft Inc |Themesoft Jobs