Title : Senior Manager – Security Architecture and Governance
Department : IT Infrastructure and Security
Location : 6300 Steeles Ave West, Woodbridge
Salary Range : $160,000-$190,000 (base salary + bonus)
Position Summary :
Reporting to the Head of IT Security and Infrastructure, the Senior Manager – Security Architecture and Governance provides strategic leadership for the design, implementation, and governance of the organization’s cybersecurity architecture and programs. The role serves as a key security design and governance authority, ensuring that security architecture, policies, and risk management practices align with business objectives, regulatory requirements, and the evolving threat landscape.
This position oversees security architecture, governance, risk and compliance (GRC), application security, data protection and privacy, IT disaster recovery and operational resilience, security awareness and training, and security program management. The incumbent works closely with IT, business leaders, and external partners to drive measurable improvements in security maturity while delivering clear, executive-level reporting and board-ready insights.
Duties and Responsibilities :
- Leadership & Strategy : Build and develop high-performing teams, attract and retain top talent, and foster a culture of collaboration, continuous learning, and security excellence. Promote diversity and inclusion while driving leadership best practices. Act as a trusted advisor to senior leadership on security architecture, risk posture, and strategic initiatives.
- Security Architecture & Engineering : Define, maintain, and evolve enterprise security architecture across on-premises, cloud, and hybrid environments, aligned with Zero Trust and defense-in-depth principles. Serve as a security design authority, embedding security into IT initiatives, technology roadmaps, and architectural decision-making. Ensure consistent application of security patterns, standards, and controls across the organization. Oversee third-party and supply-chain security risk management, including due diligence, contractual security requirements, and ongoing assurance.
- Governance, Risk & Compliance (GRC) : Own and operate the GRC program, including risk assessments, policy development, compliance audits, regulatory adherence, and Threat Risk Assessments (TRA) for projects and vendors.
- Application Security : Define and enforce secure development standards and practices across IT projects. Provide governance and oversight for application security, including threat modeling, vulnerability management and integration of security controls throughout the software development lifecycle.
- Data Protection & Privacy : Ensure compliance with privacy regulations; implement robust data security controls, including Data Loss Prevention (DLP) solutions and strategies. Collaborate with privacy and legal stakeholders to manage data-related risk.
- IT Disaster Recovery & Operational Resilience : Collaborate with IT Operations to ensure IT systems meet business continuity objectives. Provide governance and assurance by reviewing disaster recovery plans for alignment with security policies and regulatory requirements. Participate in testing exercises and advise on secure recovery practices. Support the development, maintenance, and testing of IT disaster recovery plans, including technologies and processes for backup, restore, and ransomware recovery. Ensure operational resilience through effective recovery strategies and infrastructure readiness.
- Security Awareness & Training : Lead organization-wide cybersecurity education programs, including phishing simulation campaigns and executive tabletop exercises. Promote a security-aware culture across business and IT teams.
- Metrics & Reporting : Develop dashboards and reports for executive leadership; track security posture improvements and compliance status.
- Executive Reporting & Board Material Preparation : Collaborate with leadership to prepare clear, concise, and impactful security updates and risk reports for board and executive presentations.
- Program Management : Drive security initiatives and roadmap execution; ensure alignment with corporate strategy and project delivery timelines, including budget planning and financial management for security programs. Track outcomes to ensure initiatives result in measurable reduction of enterprise risk.
- Vendor Management : Manage security-related vendors to ensure compliance, strategic alignment, and contractual obligations.
Qualifications :
- Minimum 10 years of IT experience, including 5+ years in a senior leadership role within security operations, architecture, or governance.
- Bachelor’s degree in Computer Science, Engineering, or related field preferred.
- Certifications such as CISSP, CISM, CISA, CRISC are considered an asset.
- Strong knowledge of security architecture principles, secure design patterns, and enterprise risk management.
- Experience conducting Threat Risk Assessments, threat modeling, and control design.
- Familiarity with GRC frameworks (ISO 27001, NIST CSF, PCI DSS) and privacy regulations.
- Expertise in IT disaster recovery planning and operational resilience strategies.
- Experience with application security practices, secure coding standards, and vulnerability management.
- Experience in project management is considered an asset. Exposure to security operations and financial management for security programs is also an asset.
- Excellent leadership, communication, and presentation skills, with the ability to convey complex security concepts to executive and board-level audiences.
407 ETR's Information Technology division is responsible for the infrastructure and software that enable the efficient operation of the highway, including toll capture, account management, financials, and data storage / analytics, as well as customer services including call-center, web, IVR and supporting workflows.
Delivery is accomplished using an Agile-Scrum approach, including self-organization, short iterations, strong collaboration, and dedicated teams in scrum rooms.
We are actively seeking to fill this role as it is a current vacancy.
About 407 ETR
Highway 407 ETR is an all-electronic open-access toll highway located in the Greater Toronto Area in Ontario, Canada. The highway spans 108 kilometres from Burlington in the west to Pickering in the east.
407 International Inc. is the sole shareholder of 407 ETR and is owned by :
Cintra Global S.E. which is a wholly owned subsidiary of Ferrovial S.A. (48.29%);
Canada Pension Plan Investment Board (CPP Investments) and other institutional investors (44.20%); and
Public Sector Pension Investment Board (PSP Investments) (7.51%)
Learn more at
Note :