Location: Ottawa, ON - Hybrid
Working hours/Hour Per Day: 7.5
Day Rate: $800-900/day
Requirements: Secret Clearance
Job Title: IT Security Threat & Risk Assessment
Job Description:
The client is looking for an L3 IT SECURITY TRA & C&A ANALYST consultant with cybersecurity assessment expertise in support of current and inflight Secret-level initiatives
Primary Responsibilities:
- Provide expertise on information security and GC security policy.
- Develop artifacts related to the technology area for which they have been contracted
- This may include the following types of deliverables:
o SA&A Plans
o Schedules
o Test/Security test strategies
o Detailed Designs for system components
o Test Plans/Test Results
- Conduct and participate in design reviews.
- Provide architectural input and security design support to the overall design and development processes.
- Provide management, mentoring and oversight to the GCSI team; and
- Other related activities as determined by the SSC Authorities.
- Manage collateral on all service security and SA&A requirements.
- System and subsystem solution designs compliant with policy, business, security, operational and support requirements.
- Detailed system and subsystem technical, development, integration, interface and build documentation.
- Functional and technical test plans, test cases and test results documentation.
- Technical collateral for cost/benefit analysis and proposals.
- Detailed root cause analysis documentation.
- Detailed Change Request technical analysis documentation; and Operational collateral.
- Work in partnership with all stakeholders to identify technical architecture, challenges, risks, and recommendations for various SSC projects related to the SSC’s Transformation Programs/Initiatives.
- Collaborate with all stakeholders on the evaluation of any relevant data from service providers, transformation teams, project management build teams and operational teams.
- Conduct analysis of Current State Assessments in support of GC and SSC Cyber and IT Security core transformation programs
- Produce various security artifacts as needed
- Participation in related IT Security meetings, discussions and presentations to stakeholders or senior management.
- Document, review and track actions and meetings decisions.
- Perform security impact assessment with the perspective of an enterprise solution, evaluate and make recommendations.
- Create presentations and present to various stakeholders including senior management and facilitate meetings and discussions.
- Provide Security Training & Awareness.
- IT Security requirements support for GC and SSC Cyber and IT Security Transformation Programs comprised of, but not limited to:
o Review business and IT Security requirements from various SSC programs and initiatives
Must Have:
- Must have Secret clearance
- Must have a 3 year college diploma (computer science or other IT related field) OR a university degree at a bachelor level in IT or other IT related fields or a minimum of 10 years of working experience in IT
- Must clearly demonstrate has 10 years experience performing tasks similar to the tasks below.
- Must have 10 years of demonstratable, Practical, experience in the identify threats to, and vulnerabilities of operating systems architecture, identify personnel, technical, physical and procedural threats to and vulnerabilities of Federal, Provincial or Territorial IT systems
- Must have 8 years of experience developing reports such as:
o Data Security Analysis
o Concepts of operation
o Statements of Sensitivity (SoSs)
o Threat assessments
o Privacy impact Assessments (PIAs)
o Non-technical Vulnerability Assessments
o Risk Assessments
o IT Security Threat
o Vulnerability
o Risk Briefings
- Must have more then 10 years of experience reviewing the certification results. Creating design review documentation for the Accreditation Authority to ensure that the system will operate with an acceptable level of risk and that it will comply with the departmental and system security policies and standards and identify the conditions under which a system is to operate
- Must clearly demonstrate the proposed resource has experience preparing and/or delivering IT Security threat, vulnerability and/or risk briefings
- Must have more then 10 years of experience in the review, analysis and application of GOC IT Security policies, System IT Security products, safeguards and best practices, and the IT Security risk mitigation strategies for a GC Classified enterprise system with a combined client base of at least 2500 users
Pay: $800.00-$900.00 per day
Ability to commute/relocate:
- Ottawa, ON: reliably commute or plan to relocate before starting work (preferred)
Education:
- Bachelor's Degree (preferred)
Location:
Work Location: Hybrid remote in Ottawa, ON