IT Security Consultant

November 22 2019
Categories Information Technology, Consultation, Business analyst, Security, Continuity, Risk
London, ON

McCormick Canada continues its long track record of growth and is a respected leader in the spice, seasoning, flavouring and specialty food industry. Our consumer products division serves retail grocery customers and emerging channels with Club House, Billy Bee and McCormick products, while our Custom Flavour Solutions division serves food service distributors and other respected food manufacturers across Canada. McCormick Canada is part of the world leader in spice and seasonings, McCormick & Company Inc.

The Power of People is one of our five pillars. It has been the foundation for McCormick's success for decades. There is something inspiring about working at McCormick. We have created an unusually dedicated workforce by fostering a culture of respect, recognition, inclusion and collaboration based on the highest ethical values. Without our employees, our success is not possible. Our commitment to our customers, our consumers and our employees is unsurpassed.

McCormick & Company, Inc., a world leader in the spice, flavor and seasonings industry, is seeking a full-time IT Risk Security Architect. This position will be located in Hunt Valley, MD, US, London, ON, Canada or Lodz, Poland. This position will report to the Director, IT Security Strategy and Risk.

Position Overview/Primary Purpose:

The role of the IT Risk Architect is to enable business and IT leaders to make investment decisions that balance and prioritize risk with the longer-term strategic vision of the organization. Furthermore, the Risk Architect provides technology guidance, road maps, principles, standards, security, and best practices regarding risk. -first Strategy. This role will be focusing on assessing the security risk and regulatory compliance for cloud foundational components in IaaS, PaaS, SaaS such as Microsoft Azure and SAP Hana. The IT Risk Architect will work with a team of cybersecurity professionals that performs security risk assessments, develops policy, and consults on the risk of all IT projects and initiatives.

This position creates and maintains a strategic policy-based framework composed of standards, processes, roles, metrics, and response processes that holds McCormick and its business partners accountable for the proper provisioning and operation of IT services. The framework must enable McCormick to achieve its business objectives and to accomplish compliance with external requirements including regulatory, be customer driven, and minimize risk. The position will work closely with the Security Architecture and Threat team, and other strategic teams in IT and across business.


  • Securely enable the business and IT: Identification of the policies, standards, and controls that are required to effectively manage the confidentiality, integrity, and availability of McCormick’s information assets and IT services.
  • Work on the development and maintenance of IT Security risk and threat management program, strategy, architecture and capabilities roadmap covering security risk across the enterprise
  • Partner with Managed/External Service Providers and use internal tools and resources to ensure cyber security risks are identified, evaluated, communicated and subsequently managed for the entire life of the risk. Use appropriate tools and processes (e.g. GRC) to track issues and risks.
  • Escalate potential cyber risk issues to management and ensure the proper documentation including exceptions are logged and maintained.
  • Leverage security capabilities and threat intelligence to identify potential risks
  • Create innovative and cost-effective solutions for key risk areas
  • Effectively challenge the technology and business project design, risk acceptances, exceptions, issues and remediation plan in support of the risk control practices.
  • Oversee IT and Cyber Risk regulatory compliance to IT and IT risk Management domains.
  • Aligns risk level with business goals. Defines, explains, and advocates technology strategy and security.
  • Consults with project teams to review enterprise architecture for risk, as well as to identify when it is necessary to modify the enterprise architecture to mitigate risk. Ensure that all IT solutions follow security, compliance controls, and conformance to McCormick IT security standards.
  • Provide expertise, direction, and assistance to Systems Analysts, Systems Engineers, Systems Architects, Security and software development teams to identify and mitigate risk.
  • May require on-call responsibilities to support after hours and weekend escalations as needed

Required Qualifications:

  • Bachelor's degree in a Technical or Business field as it relates to the specific Architecture discipline
  • 10 or more years of IT Security and application development/industry work experience including architecture design and deployment, systems lifecycle management, and/or infrastructure planning and operations.
  • Highly competent in one or more Enterprise Architecture disciplines.
  • Moderate competencies in multiple Enterprise Architecture disciplines such as architecting and building IaaS, PaaS, & SaaS cloud solutions for a large corporation especially with Microsoft Azure.
  • A broad, enterprise-wide view of the business and varying degrees of appreciation for strategy, processes and capabilities, security, enabling technologies, and governance.
  • The ability to recognize risk within the organization, functional interdependencies, and cross-silo redundancies.
  • The ability to apply architectural principles to business solutions leveraging one or more security frameworks – Cloud Security Alliance, PCI DSS, ISO 27001, NIST
  • Moderate experience with continuous integration concepts and tools, such as Jenkins, Microsoft VSTS, Terraform, Foundations, and Azure Resource Manager (ARM).
  • The ability to assimilate and correlate disconnected documentation and drawings and articulate their risk relevance to the organization and to high-priority business issues.
  • Experience planning and deploying both business and IT initiatives.
  • Experience modeling business processes using a variety of tools and techniques.
  • Exceptional communication skills and the ability to communicate appropriately at all levels of the organization; this includes written and verbal communications as well as visualizations.
  • The ability to act as liaison conveying risk to the business to IT and data constraints to the business; applies equal conveyance regarding business strategy and IT strategy, business processes and work flow automation, business initiatives and IT initiatives, and benefit realization and service delivery.
  • Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM); Certifications in CCSK (Cloud Security Alliance), CISSP, or CCSP
  • Proficiency in English, both written and verbal
  • Strong time management, organizational and prioritization skills
  • Ability to think strategically; strong analytical, problem solving and decision-making skills
  • Global business and functional acumen - Understand the complexity of business on a global scale. Embrace cultural and individual differences with empathy. Work with the nuances of specific cultures to make informed decisions.

Preferred Qualifications:

  • MBA or Master's degree in a relevant technical field
  • TOGAF, Zachman or other Enterprise Architecture Certification Program or Project Management (PMP).
  • 2+ years of public cloud IaaS experience (Azure, AWS)

Throughout the selection process, accommodations for applicants with disabilities are available upon request. Please notify H.R. if required.
