Information Security Officer 3 (Security Architect, Application and Product Security)

Government of Alberta•Edmonton, AB

7d•CA$100,407 - CA$132,993•Remote

About The Position

Every member of Technology and Innovation strives to enable the success of our Ministry partners and Albertans through providing exceptional client focused services that meet and exceed our clients’ expectations. We are looking for collaborative, agile, solutions focused individuals with strong communication skills and strong service orientation. If that describes you, please read on! We’re expanding our Cybersecurity Services team and hiring Security Architects within our Application and Product Security group. Do you have a curious mind and a broad set of technical skills to back it up? Do you enjoy figuring out “what happened and who dun it” to determine capabilities to protect applications and services from experiencing similar incidents? Do you thrive on improving systems, services, and processes to be more secure, effective, and efficient? Can you keep the larger picture in mind while digging into the weeds? Do you enjoy working with teams of dedicated professionals to reduce the occurrence of significant security issues and strengthen the security posture of an enterprise environment? If so, this position may be for you! As an Information Security Officer, you will play a critical role in safeguarding the Government of Alberta’s digital services, ensuring the confidentiality, integrity, and availability of key systems and data. You will work closely with client departments to strengthen and evolve security architecture and capabilities, embedding security seamlessly within a modern DevSecOps framework. In this role, you will help uphold the Government of Alberta’s Information Security Management Directives (ISMDs) and related cybersecurity policy instruments, with a focus on application and product security. Your contributions will directly support the secure and reliable operation of the province’s computing environment and digital services. Additionally, you may lead or support the design and implementation of security controls including cybersecurity technologies, processes, policies, and awareness initiatives to continuously enhance Alberta’s cybersecurity posture. The Security Architect (Information Security Officer 3) is a senior-level role where you’ll lead security initiatives, projects, or teams while applying deep, expert-level knowledge of security architecture. This position plays a hands-on leadership role, driving impactful information security outcomes across the organization. The role is designed with an AI-first approach to help you work smarter, not harder. You will leverage AI tools to: Automate insights and personalize stakeholder engagement. Create tailored, high-impact materials using AI-assisted content generation. Develop and track KPIs using AI to surface trends and predict outcomes. Demonstrate proficiency in utilizing AI to address complex problems and automate analysis of extensive datasets.

Requirements

A university degree in Computer Science, Information Technology, or a related field.
Minimum of 4 years of related experience in: Secure solution delivery life cycle, Secure application development, Securing continuous integration and continuous deployment (CI/CD), DevSecOps, testing, and security architecture.
Ability to lead and remain calm in times of crisis.
Excellent verbal and written communication skills for executive briefings and technical discussions.
Demonstrated ability to collaborate effectively and secure alignment across multiple stakeholders.
A sense of curiosity to investigate root cause and identify options and a recommendation.
Analytical and problem-solving skills for complex environments.
Proficiency in utilizing AI to address complex problems and automate analysis of extensive datasets.

Nice To Haves

A related two-year diploma from a recognized post-secondary institution and a minimum of six (6) years related experience; or
A related one-year certificate from a recognized post-secondary institution and a minimum of seven (7) years related experience.
Security certification (CISSP, CISM, CISA, CEH, GPEN, or equivalent) or working toward certification is expected.
Solution architecture experience.
Enterprise architecture experience and/or certification.
Experience with AI-powered cybersecurity tools and techniques.

Responsibilities

Development, maintenance, advocacy, and compliance for security architecture and DevSecOps framework and policy instruments such as directives, frameworks, policies, standards, and guidelines.
Security architecture subject matter expertise in the one or more following domains: Secure application development processes and tools, Secure business architecture, Secure data architecture, Secure application architecture, Secure technology architecture.
Consultation, evaluation, and delivery of digital service products throughout the solution development life cycle (SDLC) for conformance to IMT cybersecurity policy instruments including formulation of options and recommendations.
Conduct security review, consult, and advise on secure coding, secrets management, on-premises, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), and third-party hosted solutions with verbal and written report.
Provide security advice to business and technical stakeholders, including senior executives.
Participate in projects as an information security subject matter expert with a focus on security architecture and security capabilities within a DevSecOps framework to protect digital service development and operations.
Participate in the identification of information security requirements, as well as the development of strategies and solutions to meet these requirements across the organization.
Facilitate or perform identification, assessment, and treatment of information and technology security threats and risks.
Ensure risks and treatment plans are documented in the Government of Alberta's Information Technology Security Risk Register.
Communicate cyber threat information to stakeholders.
Perform cyber threat or cyber security controls related research as requested by Cybersecurity Services management.
May be required to assist in cybersecurity incident response as required.
Must have a sense of humor.