Cybersecurity Architect, Operations
Job Description
Job Category
M&P - AAPS
Job Profile
AAPS Salaried - Information Systems and Technology, Level E
Job Title
Cybersecurity Architect, Operations
Department
OCIO | Solutions Security & Architecture
Compensation Range
$9,859.25 - $15,380.75 CAD Monthly
The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.
Posting End Date
June 22, 2026
Note: Applications will be accepted until 11:59 PM on the Posting End Date.
This position is subject to the satisfactory completion of required background checks.
Job End Date
Ongoing
At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career.
Job Summary
The Cybersecurity Architect, Operations provides highly specialized and advanced technical expertise and mentoring in the design and implementation of cybersecurity operations solutions based on business, security, and privacy needs. In addition to providing technical project leadership for cybersecurity operations reviews of controls, initiatives, and major incident responses involving complex control configurations necessary for protection of the University, the incumbent will provide subject matter expertise in the development of cybersecurity controls for standards, processes, and policies, as well as research and identify new and emerging trends in operations cybersecurity.
A fixed schedule is set for this role but flexibility is required as some work must be performed outside of regular business operating hours. This position may be required to participate in an on-call rotation schedule.
The ideal candidate demonstrates an unwavering willingness to speak up about security concerns, exercise sound judgment, initiate tasks appropriately, and collaborate effectively. They should be able to work independently and manage competing priorities in a fast-paced environment. We encourage applicants who are passionate about ongoing skill development and staying at the forefront of cybersecurity knowledge.
Organizational Status
Reports to the Associate Director, Cybersecurity Architecture and Development with a functional (dotted-line) report to the Manager, Cybersecurity Incident Response. Works independently and jointly as a functional member within the Security Operations Centre (SOC) team. Collaborates with management and staff from all sections of the Chief Information Security Officer portfolio, Information Technology, other administrative and academic offices, and faculty to coordinate cybersecurity operations activities. Interacts directly with other University technology professionals.
Work Performed
Leads architectural reviews on proposed and deployed operational controls, including vulnerability and threat risk assessment activities, to identify opportunities to enhance application availability, security, and privacy.
Acts as a cybersecurity subject matter expert in committees and project meetings with Enterprise Architecture, and as needed for Privacy Impact Assessments and Security Threat and Risk Assessments performed in collaboration with Safety and Risk Services.
Reviews existing cybersecurity operations controls and designs to ensure appropriate functionality and risk measures are in place and discusses enhancement approach and recommendations with Cybersecurity staff.
Responsible for architecting security control solutions and presenting comprehensive proposals for the protection of university systems and electronic information across all UBC properties and networks, taking into consideration functional, integration, security, privacy, availability, and scalability requirements.
Researches new or enhanced cybersecurity solutions to meet current and future protection requirements and remains current with security threats and industry technology trends for SOCs.
Leads the definition and documentation of best practices for control development, deployment and hardening for common controls used throughout the university.
Leads the development of technical communication materials and participates in strategy planning aimed at educating members of the UBC community on established security control best practices and the greater UBC Information Security Standards. May also participate in facilitation of workshops or other training events.
Educates unit IT teams on secure controls implementation and analyzes their practices, making recommendations on improved security practices and technologies. Assists with implementation of recommendations as required.
Leverages subject matter expertise to determine best practices and makes technology decisions on new and changing security requirements.
Proactively reviews security postures and creates corrective action plans to address deviations from established security standards; collaborates with and mentors both cybersecurity and unit IT teams as well as system administrators, to execute approved action plans.
Oversees the testing, validation, and review of security solutions to ensure that controls meet all required security and privacy standards; provides recommendations to leadership as appropriate.
Designs automated solutions to perform regular testing of security control effectiveness; responsible for overseeing the implementation and outcomes of team members.
Where required, provides leadership for entire projects, driving both the management and technical aspects of the project, and taking responsibility to resolve issues effectively and professionally.
Oversees the development and maintenance of relevant documentation and training for Cybersecurity teams, IT operations teams, and end-users.
Maintains communication and develops relationships with the community in order to develop a sound knowledge of their business and their priorities. Based on client feedback develops recommendations and presents options for security solution improvements and efficiency.
May develop custom internal and customer-facing tools and applications to meet specific cybersecurity needs.
May lead ad-hoc incident response teams in investigation, containment, remediation, review and/or forensic activities in the event of significant cybersecurity incidents involving enterprise websites or web applications.
Performs other related duties as required.
Consequence of Error/Judgement
Effective cybersecurity operations are essential for UBC to deliver secure services to the broad UBC community. The foresight, leadership and technical expertise provided by the Cybersecurity Architect, Operations will have a direct impact on how effective UBC’s SOC and incident response teams are in protecting the university and responding to incidents. Poor management of enterprise-wide security projects, errors in judgement, poor analysis, inadequate planning, or failure to act decisively will have a detrimental effect on the security and availability of these systems. Insecure systems could lead to system downtime or a data breach. In addition to damaging the reputation of Information Technology and UBC, a breach could also adversely impact the University community, including the large majority of students, faculty and staff, and could have a significant impact on funding and revenue.
Supervision Received
Works under the general direction of the Manager, Cybersecurity Incident Response. The Cybersecurity Architect, Operations must be able to work independently and assume full responsibility for their decisions, as well as contribute actively and collaborate openly as a team member.
Supervision Given
Provides senior level leadership for strategic SOC security projects and initiatives. Plans, directs, and supervises work of staff assigned to projects. Project direction responsibilities may include technical and non-technical staff from units inside and outside of the Cybersecurity team. May mentor junior cybersecurity professionals.
Minimum Qualifications
Undergraduate degree in a relevant discipline. Minimum of eight years of related experience including at least two years of managerial experience, or the equivalent combination of education and experience.
- Willingness to respect diverse perspectives, including perspectives in conflict with one’s own.
- Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion.
Preferred Qualifications
Cybersecurity industry certifications such as CISSP ISSAP or ISSEP, CSSLP, GIAC, ISACA or EC-Council are required. Intermediate and progressive experience in cybersecurity technology and architectural assessments, as well as security threat and risk assessments.
Demonstrated expertise in some or all of the following: cybersecurity control architecture, EDR, traffic management, digital forensics, encryption, DNS, authentication, database security, ML/AI for cybersecurity, AI guardrails development and implementation, storage, message queuing, containerization, virtualization, APIs, HTTP(S), TCP/IP and X.509 certificates.
Must possess experience in developing tools in one or more interpreted programming languages, including but not limited to Python.
Experience supporting, securing, and remediating web applications in an enterprise environment is preferred.
Demonstrated expertise in the application, customization and integration of COTS (Commercial off-the-shelf) and open-source software.
Experience with incident, request, and change management in a large, complex environment is required. Must have a proven ability to effectively manage all functions within the project management life cycle.
In-depth knowledge of cybersecurity frameworks, models and standards such as NIST CSF 2.0, OWASP, and ISO 2700x series is essential. Expertise in cloud security, secure application architecture, and web development best practices is highly valued.
The successful candidate will also demonstrate strong analytical and problem-solving skills, with an emphasis on finding creative solutions to complex cybersecurity challenges.
Demonstrated experience providing technical leadership, guidance and direction in the analysis, design, development, implementation or maintenance of complex information systems solutions.
Demonstrated ability to apply advanced theoretical concepts, industry trends and emerging technologies to develop creative solutions for highly complex information technology problems.
Proficient knowledge of UNIX command line and systems administration.
Knowledge of secure web and mobile development practices, technologies, frameworks, platform architectures, Internet software standards, and services.
Knowledge of application architecture and security in cloud-based environments, such as AWS and Microsoft Azure, is an asset.
Willingness to raise security concerns regardless of ownership and potential impact.
Ability to effectively manage multiple tasks and priorities and work under pressure to meet time sensitive and mission critical deadlines. Ability and desire to take initiative at all times, tempered with the ability to exercise judgement about seeking input and advice from others.
Ability to work independently, as part of a team, and cross functionally. Ability to work collaboratively with staff at all organizational levels.
Demonstrates a high level of initiative and ability to describe future scenarios and related opportunities. Plans potential responses involving resource holders, peers, processes, and technology. Leads a timely response, seeking internal/external advice and consultation, and sustains progress through uncharted territories.
Collaboration - Consistently fosters collaboration and respect among team members by addressing elements of the group process that impede, or could impede, the group from reaching its goal. Engages the "right people," within and beyond organizational boundaries, by matching individual capabilities and skills to the team's goals. Works with a wide range of teams and readily shares lessons learned and credit for team accomplishments.
Communication for Results - Converses with, writes reports for, and creates/delivers presentations to all levels of colleagues and peer groups in ways that support problem solving and planning. Seeks a consensus with business partners. Debates opinions, tests understanding, and clarifies judgments. Brings conflict into the open empathetically. Explains the context of multiple interrelated situations, asks searching, probing questions, and solicits expert advice prior to taking action and making recommendations.
Problem Solving - Diagnoses problems using formal problem-solving tools and techniques from multiple angles and probes underlying issues to generate multiple potential solutions. Proactively anticipates and prevents problems. Devises, facilitates buy-in, makes recommendations, and guides implementation of corrective and/or preventive actions for complex issues that cross organizational boundaries and are unclear in nature. Identifies potential consequences and risk levels. Seeks support and buy-in for problem definition, methods of resolution, and accountability.
Accountability - Sets enhanced objectives for self and others. Monitors performance trends and identifies opportunities to improve standards. Provides regular feedback and suggests alternative approaches necessary to ensure that organizational objectives and superior standards are achieved. Delegates responsibility and reallocates resources as needed to ensure that priorities are met for initiatives within area of responsibility.
Business Process Knowledge - Describes and documents critical cross-functional business process flows. Applies business process reengineering techniques and methods in analyzing process flow and accountability charts. Recommends and advocates substantive process enhancements and assesses both internal and external implications.
Information Systems Knowledge - Identifies means of integrating technical support requirements with enterprise processes and strategies. Identifies technological opportunities to meet client needs. Creates information system solutions to meet the needs of business stakeholders. Partners with appropriate technical consultants, experts, and managers to resolve complex problems across all IT solutions.