Cybersecurity Architect, IT

Salary Range: $90,000 - $120,000

Who we are:

Canaccord Genuity (CG) is a leading independent full-service financial services firm, with operations in two principal segments of the securities industry: wealth management and capital markets. CG is driven by an unwavering commitment to build lasting client relationships – we achieve this by generating value for our individual, institutional, and corporate clients through comprehensive wealth management solutions and investment banking services. We are a leading independent wealth management firm in Canada, and the leading mid-market provider of investment banking advisory, equity research, sales and trading services for corporations and institutions.

We pride ourselves on understanding our clients' needs and finding innovative, bespoke solutions. Our entrepreneurial and friendly team will challenge you to learn and grow every day. We value great work and collaboration and strive to eliminate bureaucratic thinking. We're looking for talented people who thrive in a fast-paced environment and want to have an impact with innovative ideas and best practices.

Come be a part of our Canadian success story and help deliver superior experiences for our clients. At CG, we recognize that diversity across our business strengthens our client relationships and enables more innovative solutions. We strongly encourage applications from all qualified individuals regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status. CG provides an accessible candidate experience. If you need any accommodations throughout the interview process and beyond, please let us know.

Our Canadian operation, Canaccord Genuity Corp., is seeking a highly skilled Cybersecurity Architect with deep expertise in the Microsoft Defender Suite, zero trust architecture, threat modeling, and enterprise security strategy. This role reports to the Enterprise Technology team and works closely with the Security team to design and implement proactive security solutions across the organization. The ideal candidate will have a proven track record of architecting proactive security solutions, designing defense-in-depth strategies, and driving organizational security transformation through cross-functional collaboration. This is a hybrid role with alternating days in the office. Hours for this role range from (PST) 6:00 am – 2:00 pm, 7:00 am – 3:00 pm, or 7:30 am – 3:30 pm.

Responsibilities:

• Architect, design, and implement proactive, defense-in-depth security solutions aligned with zero trust principles and industry best practices across on-premises, cloud, and hybrid environments.
• Collaborate closely with the Security team and Enterprise Technology leadership to align security architecture with business objectives, technical infrastructure, and organizational risk tolerance.
• Lead enterprise-wide deployment, integration, and optimization of the Microsoft Defender Suite (Defender for Endpoint, Cloud, Identity, Office 365) and complementary security platforms for comprehensive threat detection and response.
• Design and oversee identity and access management (IAM) strategies, including Azure AD, conditional access, privileged access management (PAM), and privileged password vaulting solutions.
• Architect network security and application protection solutions including secure segmentation, zero trust network access, load balancing, web application firewalls, and secure remote access frameworks.
• Design vulnerability management, network detection and response (NDR), and secure access service edge (SASE) architectures to provide end-to-end security visibility and threat prevention.
• Conduct threat modeling, security assessments, and architecture reviews to identify risks and implement strategic security enhancements across legacy and modern systems.
• Serve as a change agent, driving security culture transformation and adoption of security best practices through mentoring, training, presentations, and executive communication.
• Provide strategic security governance guidance aligned with compliance frameworks and risk tolerance; present complex technical concepts to all organizational levels.
• Drive innovation by evaluating and implementing emerging security technologies, methodologies, and threat intelligence.

Skills & Qualifications:

• Minimum 3+ years architecting enterprise security solutions with deep expertise in proactive threat prevention and zero trust architecture.
• Advanced proficiency with Microsoft Defender Suite (Defender for Endpoint, Cloud, Identity, Office 365); SC-100/SC-200/SC-300 or equivalent certification or in-progress.
• Strong hands-on experience architecting identity and access management (IAM), including cloud directory services, conditional access policies, privileged access management (PAM), and privileged credential management platforms.
• Proven expertise designing network security architectures: zero trust segmentation, load balancing, web application firewalls, SASE platforms, and secure remote access solutions.
• Demonstrated proficiency with vulnerability management platforms, network detection and response (NDR) tools, and security information and event management (SIEM) solutions.
• Bachelor's degree in Cybersecurity, IT, Computer Science, or equivalent professional experience. CISSP or equivalent advanced certification is a strong benefit.
• Strong understanding of threat modeling, security architecture frameworks (NIST, ISO 27001), and compliance requirements relevant to financial services (SOC 2, PCI-DSS).
• Hands-on incident response planning, threat detection strategy development, and security operations experience.
• Practical knowledge of endpoint protection, mobile device management, and application security controls.
• Excellent communication and presentation skills with ability to influence across all organizational levels.
• Proven change management experience; ability to drive security adoption and cultural transformation.
• Self-motivated innovator who stays current with emerging threats and security technologies.
• Experience mentoring junior security professionals and building high-performing security teams is a plus.

#LI-SK1 #LI-Hybrid #INDHP

All applications will be held in strict confidence.

In order to be considered for employment, candidates selected for interviews will be required to show proof of citizenship, permanent residence or eligibility to work in Canada with no restrictions.

Protecting your online safety:

Canaccord Genuity and its affiliates do not use text messages for recruitment purposes. If you have received a text message claiming to be from CG or an authorized representative regarding job recruitment, please treat as fraudulent and do not respond.

We wish to thank all candidates for their interest but only those applicants selected for an interview will be contacted. No phone calls please. Thank you for your understanding.