Position Type:
Permanent
If you’re looking for a fulfilling career that can make a real difference in your life, and the lives of others, you’ve come to the right place.
As a national health solutions partner, we put people first in everything we do — and that begins with our team of 8,000+ professionals who bring a cross-section of diverse life experiences and career expertise to Medavie. By collaborating and innovating together, our employees are creating industry-leading solutions in insurance, primary care and emergency medical services that impact millions of lives in Canada each year.
Our mission is to improve the wellbeing of Canadians so that every life can be lived to the fullest — and it’s reflected in our award-winning culture. We celebrate individuality and value the diverse perspectives and skills our employees contribute. We go beyond providing competitive pay and comprehensive benefits to offer opportunities for personal and professional growth, flexible work options, meaningful experiences, and supportive leadership. Medavie is where employees can be their best selves, feel they belong, and achieve their full potential. Be part of it by applying for a position with us today.
The Opportunity:
The Senior Security Architect is a strategic technical leader responsible for designing, implementing, and governing enterprise-wide security architectures that protect the organization’s information assets, infrastructure, and applications.
This role partners closely with business leaders, technology teams, and risk management functions to ensure security capabilities are aligned with business objectives, regulatory requirements, and modern threat landscapes.
The Senior Security Architect provides deep expertise across security domains—including cloud, identity, network, data protection, application security, and zero trust—and drives the adoption of secure design principles across the enterprise
technology ecosystem.
Key Responsibilities:
Strategic Security Architecture:
Develop and maintain the enterprise security architecture roadmap aligned with corporate security strategy and business goals.
Establish security reference architectures, patterns, and standards covering on- premises, cloud, and hybrid environments.
Lead architectural assessments for new technologies, platforms, and major initiatives.
Design, Engineering & Implementation:
Architect secure solutions across cloud (Azure/AWS), applications, data, and networks.
Define security controls and requirements for system designs, integrations, and third-party technologies.
Review technical designs and solution architectures to ensure adherence to security best practices and compliance requirements.
Sec urity Governance, Risk & Compliance:
Ensure alignment with regulatory, privacy, and internal policy requirements (e.g., ISO 27001, NIST CSF, SOC 2, PCI-DSS, Personal Health Information Acts).
Partner with risk, compliance, and audit functions to assess security posture and identify architectural gaps.
Create and maintain security documentation, architectural diagrams, and standards.
Collaboration & Leadership :
Serve as a senior advisor to IT, engineering, and business leaders on secure architecture and emerging threats.
Lead cross-functional architecture reviews and security design workshops.
Mentor engineering and security staff, promoting security-by-design across the organization.
Threat Modeling & Emerging Technologies:
Lead threat modeling and architectural risk assessments for critical systems and new initiatives.
Monitor industry trends, threat intelligence, and technology advancements to evolve security architecture.
Evaluate and recommend new security technologies and capabilities.
Required Qualifications:
Education: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related field. Masters preferred.
Experience:
8–12+ years of experience in cybersecurity with at least 5 years in architecture-level roles.
Proven experience designing and securing cloud, hybrid, and enterprise-class environments.
Certifications:
Other Qualifications:
Ability to design end-to-end security architectures (application, infrastructure, identity, data, network) from requirements through implementation.
Strong command of security principles: least privilege, defense-in-depth, secure-by-design/default, separation of duties, trust boundaries, threat modeling concepts.
Able to produce architecture artifacts: reference architecture, solution designs, security patterns, exception/risk acceptances, and architecture decision records (ADRs).
Deep understanding of authentication and authorization models (SSO, federation, OAuth2/OIDC, SAML, Kerberos where relevant).
Privileged access concepts (PAM), role/attribute-based access (RBAC/ABAC), conditional access, identity lifecycle and governance basics.
Familiarity with MFA patterns, device posture, session controls, and identity as the primary control plane. · Proven experience securing workloads in Azure / AWS / GCP (pick one as minimum; multi-cloud as preferred).
Core cloud security concepts: shared responsibility model, segmentation, security groups/NSGs, KMS/key management, secrets management, logging/monitoring, cloud-native IAM.
Understanding of hybrid connectivity patterns and security (VPN/ExpressRoute/DirectConnect equivalents, routing, DNS).
Solid grounding in network security architecture: segmentation, firewalls, WAF, DDoS protections, proxies, secure remote access, DNS security.
Understanding of TLS/PKI basics, certificate lifecycle, and secure connectivity patterns.
Ability to advise and design for secure SDLC: security requirements, design reviews, CI/CD security controls, dependency management, code scanning concepts.
Preferred/Assets:
Strong security architecture across two or more cloud providers. · Deep understanding of cloud landing zones, guardrails, policy-as-code, and centralized identity patterns.
Practical experience implementing Zero Trust concepts: identity-centric access, continuous verification, device trust, micro-segmentation, adaptive access.
Experience with SSE/SASE models (secure web gateway, CASB, ZTNA) and enterprise proxy strategy.
Familiarity with workload identity and supply chain security for containers.
Strong CI/CD security patterns: SAST/DAST/IAST, SBOM, dependency governance, artifact signing, policy gates.
Familiarity with supply chain frameworks (e.g., SLSA concepts) and secure build pipelines.
Ability to drive automation: policy-as-code, infrastructure-as-code guardrails (Terraform/ARM/Bicep concepts), automated compliance evidence.
Scripting familiarity (PowerShell/Python) for security enablement and control validation.
Deeper crypto knowledge: HSM design, envelope encryption patterns, rotation strategies, mTLS at scale, certificate automation.
Experience designing enterprise key management strategy (centralized vs distributed, BYOK/HYOK patterns where relevant).
Experience mapping security architecture to regulated requirements (e.g., healthcare, financial services, government contracting).
Evidence-based control design supporting audits and third-party assurance (SOC 2, ISO, etc.).
Strong alignment with enterprise architecture practices: capability mapping, target state roadmaps, reference architectures, technology standards.
Proven ability to reduce complexity and technical debt via platform patterns.
Strong knowledge of adversary tradecraft and mitigations (MITRE ATT&CK mapping, detection-informed architecture).
Experience designing for resilience against ransomware, credential theft, lateral movement, and abuse of cloud control planes.
Mentors other architects and engineers; establishes reusable patterns and guardrails.
Leads cross-domain programs (IAM modernization, secure cloud adoption, data security program, etc.).
Language Skills: English (Spoken and Written) required. French (Spoken and Written) considered an asset
Security Clearance Requirement: In conjunction with our contract with the Federal Government, you will be required to have Reliability Status Clearance (Enhanced Level B). This includes Fingerprinting, Criminal Record Check, Credit Check and you must have resided in Canada for at least 5 years and hold Permanent Resident or Citizenship Status.
What’s in it for you?
What makes us a different kind of employer? Our award-winning culture, a team who really cares, unmatched training and support are all dedicated to ensuring you are set up for success.
What we offer:
Permanent full-time position with strong career growth opportunities.
Hybrid or remote work arrangements.
Flexible work environment and work-life balance.
100% employer-paid health, dental, and vision benefits (effective Day 1).
100% employer-matched Defined Contribution Pension Plan.
Annual performance-based Incentive Bonus.
A gifted week of vacation in your first year + optional Vacation Purchase Program.
Support for professional development, training, and certifications.
Wellness programs, health resources, and fitness discounts.
Pay Range:
$99,177 - $132,236
This posting is for an existing vacancy within our organization / Ce poste est actuellement vacant au sein de notre organisation.
The Base Pay range may vary depending on the successful candidate or other relevant job-related factors such as knowledge, skills, qualifications, experience and education/training. In addition to Base Pay, eligible Medavie employees may participate in various performance-based incentive programs. Payments under these programs are discretionary and subject to both individual and organizational results.
We believe our employees should reflect the communities we serve and welcome applications from candidates of all backgrounds. To provide the best experience possible, we will support you with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team of your needs. We are committed to making sure recruitment, retention, advancement, and compensation are fair and accessible while following all relevant human rights and privacy laws . We appreciate everyone who has shown interest in this position. Only those selected for an interview will be contacted.
While Medavie may use automated tools, including AI, to support application screening, candidates are expected to complete all recruitment interactions independently—without AI assistance—to ensure a fair and equitable process.
If you experience any technical issues throughout the application process, please email: [email protected] .