Senior Application Security Architect

Mississauga, ON, CA

The Role: Senior Application Security Architect


What you are looking for:

  • A closely connected culture
  • A total rewards package meant to enhance your work-life flexibility
  • Fully utilizing your talent
  • Professional growth and development via challenging projects and assignments
  • Warm and fuzzy feelings knowing you have helped your community, your team, the business and social causes through the Rexall Care Network


In this existing role, you will report to the Cybersecurity Manager. The Sr. Application Security Architect is responsible for establishing, communicating, and enforcing the standards for application security, including software development standards, developing security standards, implementing architectural principles and working with enterprise architects to ensure adherence to Rexall security standards and industry best practices.


What you’ll be doing:  

 

  • Manage and lead Rexall Secure Development Lifecycle (SDLC) process and practice
  • Work with enterprise architects and software development team to develop and implement secure software development framework
  • Develop application security standards and SOPs that comply with McKesson Security Policies, industry best practices and meet all appropriate legal and regulatory compliance standards
  • Research security solutions and options for various Cloud application hosting platforms
  • Develop and maintain Enterprise Architecture Security Reference framework
  • Develop catalogue of standard secure architectures for different deployment types, including web application, mobile applications, cloud-based applications, SaaS, PaaS offering, etc.
  • Liaise with Enterprise and Software Architects and integration teams to ensure that all applications are implemented with appropriate adherence to security standards.
  • Manage application risk assessment
  • Recommend appropriate solutions, components and development frameworks for new systems
  • Incumbent will be the primary contact point representing Security for teams developing any new applications
  • Participate in the review and approval of new systems implementation or development from the security perspective.
  • Coordinate application penetration testing for all new and existing applications
  • Manage the Web Application Firewall and respond to security incidents involving application security
  • Manage Static and Dynamic scan platform and schedule
  • Work with internal and external resources to remediate application vulnerabilities found by code scan or from other channels. 
  • Work with internal and external auditors to provide evidence for audits and to remediate any gaps relative to application architecture and implementation 
  • Work in a cooperative manner with the IT Organization
  • Perform other duties as assigned to support Rexall Pharmacy Group Ltd.

 

Knowledge, skills and experience:

 

  • Minimum 10+ years of working experience in IT combined with bachelor’s degree in Computer Science
  • Hands-on programming experience in software development in common programming environments including .NET, PHP, Java, Python
  • Experience with Secure SDLC, DevOps, Microservices and integrated digital solutions 
  • Deep knowledge of application authentication and encryption including key management, IAM, OAUTH and SAML
  • Experience with secure web application and mobile application development
  • Experience with application penetration testing
  • Experience with static code scanning tools and dynamic scanning
  • Experience with secure coding and secure software development lifecycle paradigms defined in OWASP, ISO27001 and/or NIST frameworks
  • Experience with PCI DSS compliance and the relevant requirements for application and system architecture.
  • Experience with best practices for security controls, solutions and architectures for common cloud platforms such as Azure, AWS and Office365
  • Experience with HIPA/PHIPA compliance regulations and practical ways of ensuring compliance with information privacy requirements
  • Relevant experience in auditing based on PCI DSS and ISO 27001 information security framework is an asset. 
  • Strong interpersonal skills; highly motivated and directed.
  • Excellent communication skills, both written and verbal.
  • Strong customer service orientation.
  • Experience working in a team-oriented, collaborative environment.
  • Strong organization and time management skills
  • Demonstrated experience in an audit role


At Rexall, we are better together. We serve our customers, partners, and patients best—we are our best—when everyone brings their true self to work. Our connected, inclusive culture celebrates our lived experiences, backgrounds, expertise, and self-expression to let us win as one team. Leveraging our differences distinguishes us and brings out our best performance.

 

Are you #ALLin?

 

Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make accommodations and/or accessible formats available to any selected applicants should they require them. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.


Our hiring process uses AI-enabled tools to assist with the assessment of applications based on job-related criteria. All decisions are made by the hiring team.
