Job Description:

Enterprise Security Architect (Automation & Cryptography)

Job Profile Summary

The Enterprise Information Security Architect will focus on automation, design patterns, encryption frameworks, and secure data transfer mechanisms. This role is critical to ensuring the security of sensitive data across our enterprise by defining and implementing robust security architectures and controls for data at rest and in transit. The ideal candidate will combine technical expertise with strategic vision to architect scalable, automated solutions aligned with industry best practices.

Depth & Scope:

Security Architecture (Automation & Cryptography):

Develop enterprise security architectural designs, with a focus on automated processes, reusable design patterns, and cryptography.

Create and enforce architectural frameworks to protect data at rest and in transit across hybrid cloud and on-prem environments.

Design automated workflows for cryptographic processes, including encryption key management, certificate deployment and lifecycle management, and encryption related incident detection and remediation.

Influence adoption of security solutions into CI/CD pipelines to ensure "security by design" principles.

Architect and implement scalable encryption solutions, including symmetric and asymmetric encryption for databases, filesystems, and communication channels.

Define frameworks for key management using solutions like HSMs, KMIP-compliant systems, database TDE, or cloud-native key management services.

Define security blueprints and best practices to enable cross-functional teams, including DevOps, Infrastructure, and Software Development to securely adopt encryption and automation.

Drive organizational adoption of "security-first" practices.

Technical Skills:

Strong understanding of service-oriented architecture and principles.

Strong understanding of SDLC process and methodology.

Previous experience architecting/designing/solutioning Data Encryption pattens for storage technologies (e.g., NAS, TSM, SAN, IBM SS, etc).

Previous experience architecting/designing/solutioning Data Encryption pattens for Databases (e.g., SQL, Oracle, MongolDB, Postgres, etc).

Previous experience with either: Vormetric, Thales CipherTrust Manager, HSMs, PKI.

Experience with modern automation tools and frameworks (e.g., Ansible, Jenkins, Terraform, GitHub Actions).

Knowledge of orchestration tools (e.g., Kubernetes).

Experience securing hybrid cloud environments (Azure, GCP, AWS).

Hands-on experience with application of encryption and digital signature algorithms (e.g. AES, RSA, ECC) and protocols (e.g. TLS, IPSec, SSH).

Familiarity with key management platforms like Azure Key Vault, AWS KMS, Google KMS, HashiCorp Vault, enterprise HSMs.

Cross domain expertise (e.g., AD, Network, Storage etc).

Knowledge of and experience with digital certificates Lifecycle Management.

Firm understanding of Post-Quantum Cryptography, Quantum threats to PKI and cybersecurity, and the concept of Crypto Agility.

General familiarity with FIPS Post-Quantum Cryptography standards (FIPS 203, FIPS204, FIPS 205), their purpose and application in cryptography.

Ensure the acquired or developed systems and architectures are consistent with an organization's cyber security policies and practices, and align with regulatory requirements (e.g., PCI DSS).

Soft Skills:

Excellent technical writing skills for creating and supporting required documentation.

Advanced communication skills for both technical and non-technical audiences.

Ability to cut through complexity and ambiguity to communicate and facilitate to help business partners visualize concepts, simplify complex scenarios, drive and influence prioritization and consensus.

Strong technical writing skills to create and support required documentation.

Ability to present in front of large audience.

Ability to work independently and collaboratively in a fast-paced environment.

Education & Experience:

Post-secondary education in IT infrastructure and architecture, e.g., Computer Science, Cryptography, Computer Security, Systems Engineering, or related fields, OR relevant experience.

Certifications such as CISSP, CISM, CCSP, AWS/Azure Security Specialty, or GIAC Cryptography preferred.

5+ years security architecture experience in a large corporate environment, with a strong focus on automation and cryptography, preferably in Financial services area.

Who We Are:

TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues.

TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing - and so will you.

Our Total Rewards Package
Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial, physical, and mental well-being goals. Total Rewards at TD includes a base salary, variable compensation, and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off, banking benefits and discounts, career development, and reward and recognition programs. Learn more

Additional Information:
We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home.

Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements.

Colleague Development
If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD - and we're committed to helping you identify opportunities that support your goals.

Training & Onboarding
We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role.

Interview Process
We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.

Accommodation
Your accessibility is important to us. Please let us know if you'd like accommodations (including accessible meeting rooms, captioning for virtual interviews, etc.) to help us remove barriers so that you can participate throughout the interview process.

We look forward to hearing from you!

Language Requirement (Quebec only):
Maîtrise d'une langue autre que le français pour offrir du soutien ou traiter avec des employés ou des collègues qui ont besoin de services et de soutien dans une langue autre que le français.