Haventree Bank is a private Canadian Schedule 1 bank specializing in alternative mortgage programs and insured GIC deposits. We help hardworking Canadians from coast-to-coast achieve homeownership by offering flexible mortgage solutions. Our insured GIC deposits offer competitive rates and are available through a variety of wealth management platforms.

About Haventree Bank

Headquartered in Toronto, Ontario, Haventree Bank (Haventree) is a mission‑driven alternative mortgage lender. The name Haventree embodies the bank’s mission to help its customers find a place of refuge and to lay down new roots for the future. Haventree exists to be a catalyst of financial security and upward mobility for Canadians who are underserved by the traditional financial system.

Position Summary

Reporting to the Director, Information Security, the Senior Cloud Security Engineer role is accountable for the security architecture and assurance of our cloud environments by embedding security into the software delivery lifecycle (SDLC) through modern DevSecOps practices. You will lead the design of secure cloud solutions, drive cloud governance and Zero Trust practices, and partner with engineering to ensure our platforms, applications, and CI/CD pipelines are secure, resilient, and compliant. The ideal candidate brings deep technical cloud security expertise, strong architectural instincts, and the ability to translate complex security risks into clear, actionable engineering guidance.

Major Duties & Responsibilities

- Act as a technical owner for key cloud security platforms, influencing configuration, detection logic, and roadmap in partnership with operations teams.
- Define and maintain cloud security reference architectures in a multi‑cloud environment covering identity, network segmentation, encryption, workload protections, logging/monitoring, and secure service integration.
- Establish secure patterns for Infrastructure as Code, including secure‑by‑default templates, scanning expectations, and drift considerations.
- Review and enhance CI/CD pipelines for security best practices, integrating modern supply chain security controls (artifact signing, SBOMs, dependency scanning, pipeline integrity).
- Review and enhance security configurations for our Customer Identity and Access Management (CIAM) platform, ensuring secure access and compliance with privacy regulations.
- Lead structured threat modeling for critical applications, cloud services, and third‑party integrations, ensuring outputs become actionable mitigations and delivery backlog items.
- Define requirements for encryption and key management for data at rest and in transit; establish secure secrets management practices across cloud and CI/CD.
- Perform architecture and security reviews for designs and major changes, focusing on trust boundaries, identity flows, API security, data classification, encryption, logging/monitoring, and third‑party risk considerations.
- Partner with platform and engineering teams to ensure designs support resilience, availability, disaster recovery, and secure fail‑over consistent with business continuity requirements.
- Develop roadmaps and recommendations to drive enhancements to cloud security architecture, governance, and standards.
- Identify, incorporate, and articulate cloud security best practices such as DevSecOps strategy, Zero Trust design, and cloud incident response.
- Perform security reviews and maturity assessments across technology and business teams to address cyber risk.
- Provide clear and organized risk findings and recommendations to business teams.
- Partner with engineering teams to mentor, coach, and advocate for secure‑by‑design practices across development and operations.
- Stay ahead of evolving cloud security threats and methodologies, applying them to strengthen security guardrails, CI/CD pipelines, and engineering best practices.

Qualifications & Experience

Degrees, Diplomas & Certifications

- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Desirable certifications: relevant security certifications such as Azure Security Engineer Associate (AZ-500), AWS Certified Security Specialty, CCSP, OSCP, CISSP.

Years and Range of Experience Required to Perform the Job

- 7+ years in cybersecurity with 5+ years focused on cloud security engineering/architecture (Azure preferred; AWS an asset), including leadership of cross‑functional initiatives.
- Hands‑on experience with CNAPP and cloud governance solutions, such as Microsoft Defender for Cloud, Azure Policy, or AWS Control Tower.
- Expertise in cloud security architecture, particularly:
  - Identity and access management (OAuth2, OIDC, JWT, federation, CIAM)
  - Network micro‑segmentation and Zero Trust design
  - Data protection, encryption, secrets management
  - API security best practices and securing third‑party integrations
- Proven experience conducting structured threat modeling and embedding outputs into engineering workflows.
- Strong experience securing Infrastructure‑as‑Code (Terraform preferred), including policy‑as‑code frameworks (OPA/Rego, Sentinel, Azure Policy).
- Experience building or maintaining cloud‑native SIEM and detection engineering (e.g., Microsoft Sentinel), including threat detection, incident analysis, and automation.
- Experience supporting cloud incident response, including log analysis, identity compromise investigation, and containment in Azure/AWS environments.
- Knowledge of cloud supply chain security, including SBOMs, signed builds, dependency scanning, and pipeline integrity (SLSA or similar frameworks).
- Excellent collaboration and communication skills, with the ability to explain complex security concepts to developers and non‑technical stakeholders.
- Familiarity with securing cloud‑based data platforms, analytics services, and emerging AI/ML workloads.
- Solid understanding of OWASP, NIST, CIS benchmarks, and cloud security frameworks.
- Familiarity with financial industry regulatory and compliance standards (e.g., PIPEDA, OSFI, SOC 2).

Additional Information

While we thank everyone for their interest in Haventree Bank, please note that only candidates selected for an interview will be contacted. Haventree Bank is committed to providing accommodation when needed. If you require an accommodation, we will work with you to meet your needs.

Equal Opportunity

Haventree Bank embraces equal opportunity, diversity, and inclusion. Please let us know if you require any accommodations during the recruitment and selection process by contacting

Senior Cloud Security Engineer
HAVENTREE BANK
Toronto, Toronto
Published 27 days ago