Your role and responsibilities

Key Responsibilities
- Design and implement enterprise encryption strategies, including data-at-rest, data-in-transit, and data-in-use protection.
- Lead the transition to quantum-safe cryptography, assessing risks and adopting post-quantum algorithms.
- Architect and deploy Public Key Infrastructure (PKI), including certificate lifecycle management, HSM integration, and key management solutions.
- Develop cryptographic policies and advise on best practices for key rotation, algorithm selection, and quantum-safe readiness.
- Evaluate and integrate hardware security modules (HSMs), cloud KMS, and crypto agility frameworks.
- Ensure cryptographic compliance with Canadian federal and provincial regulations (e.g., PIPEDA, Law 25, PCI DSS, and Government of Canada IT Security Standards).
- Assist clients in deploying data discovery and classification tools to identify and protect sensitive information in compliance with Canadian privacy laws.
- Implement privacy-enhancing technologies (PETs), including tokenization, pseudonymization, and differential privacy.
- Provide expertise on PIPEDA, Québec's Law 25, FOIPPA (British Columbia and Alberta), and other data protection frameworks.
- Develop risk assessments for data sovereignty, cross-border data transfers (U.S. CLOUD Act risks), and encryption-based data controls.
- Ensure cryptographic solutions align with Canadian government and financial sector compliance requirements.

Required technical and professional expertise
- 10 years in cybersecurity with a focus on cryptography, PKI, and encryption.
- Hands-on experience with HSMs (Thales, Entrust, AWS CloudHSM), KMS (AWS KMS, Azure Key Vault, Google Cloud KMS), and PKI solutions.
- Expertise in quantum-safe cryptography, including NIST PQC standards and migration strategies.
- Knowledge of cryptographic libraries such as OpenSSL, Bouncy Castle, KMIP, and Microsoft CNG.
- Experience with data discovery tools (Qohash, BigID, Varonis, Spirion) and privacy-enhancing technologies.
- Strong understanding of Canadian regulatory frameworks:
  - PIPEDA (Personal Information Protection and Electronic Documents Act)
  - Québec's Law 25 (Modernized privacy law requiring encryption of sensitive data)
  - FOIPPA (British Columbia and Alberta's Freedom of Information and Privacy Acts)
  - OSFI Guidelines (Canadian financial sector security and encryption compliance)
  - PCI DSS (For companies handling payment data)
  - Government of Canada IT Security Standards (for public sector clients)
- Certifications like CISSP, CCSP, CISM, CEH, or specific cryptographic certifications (CISSP-ISSAP, CCSP, etc.).
- Hands-on experience with container security (Kubernetes, Istio) and cloud-native cryptographic controls.

Position type: Professional
Company: IBM