It Security & C&a Analyst

 

Description:

About Us:

Maplesoft Group is currently seeking a Hybrid IT Security & C&A Analyst for our client in Ottawa, ON.

Position Summary:

The Scope of Work is to provide infrastructure implementation, security compliance, and information management support services in accordance with Government of Canada standards, policies and directives. This includes internal strategic IM/IT plans and priorities and the integration of all IM/IT modernization business priorities.

Key Responsibilities:

• Conduct Security Assessments for IM/IT projects, including Security Assessment & Authorization (SA&A) as required by departmental and Government of Canada security policies and procedures.

• Lead the development and coordination of IT security risk assessments for new and existing IM/IT systems, services, and platforms, ensuring identification of threats, vulnerabilities, and potential business impacts.

• Develop or contribute to the preparation of security documentation and procedures such as Security Assessment Reports (SARs), Security Control Profiles, Statements of Sensitivity (SoS), Privacy Impact Assessments (PIAs), and IT Security Implementation Plans (ITSIPs).

• Ensure security controls are identified, implemented, and assessed in accordance with relevant frameworks such as GC cybersecurity event management guidance, and departmental security directives.

• Collaborate with project teams, technical specialists, information management leads, and departmental security authorities to ensure IM/IT projects meet applicable security compliance requirements throughout the project lifecycle.

• Present security risks and recommendations to stakeholders, including senior management and governance committees, in clear, actionable formats to support timely decision-making.

• Support the development and continuous improvement of departmental processes and guidance for conducting IT security assessments and authorizations.

• Monitor and report activities for projects on a continuous basis.

Required Qualifications:

• Microsoft Certified: Cybersecurity Architect Expert

• A copy of the certificate will be required.

• A diploma or degree in Computer Science or equivalent post-secondary, minimum 3-year program.

• A copy of the diploma or degree will be required.

• A minimum of ten (10) years of experience within the last 15 years performing IT Security & C&A Analyst duties in an IT environment.

• A minimum of two (2) projects in the past ten (10) years leading the preparation and development of Accreditation documents, such as:

• Developing Security Certification Plans;

• Verifying that security safeguards meet the applicable policies and standards;

• Validating the security requirements by mapping the system-specific security policy to the functional security requirements;

• Mapping the security requirements through the various stages of design documents;

• Verifying that security safeguards have been implemented correctly and that assurance requirement have been met.

• A minimum of two (2) projects in the past ten (10) years leading the preparation and, at least two (2) of the following reports:

• Data security analysis;

• Concepts of operation;

• Statements of Sensitivity (SoSs);

• Threat assessments; and

• Privacy Impact.

• A minimum of five (5) years of combined experience within the past ten (10) years with the preparation of the following security documentation and procedures:

• Security Assessment Reports (SARs);

• Security Control Profiles;

• Statements of Sensitivity (SoS);

• Privacy Impact Assessments (PIAs;, and

• IT Security Implementation Plans (ITSIPs).