Description:
Sr. IT Security Analyst
Location: Ottawa, Ontario, Canada (Hybrid – 2 days per week onsite)
Project Duration: Long Term Contract
Job Description:
Notes:
- Must be local to Ottawa – will not consider fully remote resources.
- Must hold the 2 certificates as mentioned in the job description.
- Must hold a valid secret security clearance.
JD:
- Provide technical research into various issues as requested for Security Assessment & Authorization (SA&A) activities.
- Meet weekly with the project teams and Life Cycle Application Manager (LCAM) to discuss the status of their SA&A tasks.
- Assist as necessary with security evidence collection and provide formal security risk documentation.
- Mature, or assist in maturing, documentation for the Electronic Selection Board (ESB) and Defence Learning Network (DLN) SA&A project, including security Concept of Operations (CONOPS), Security Categorization Report (SCAR), Plan of Action & Milestone (PoAM), Data Dictionary, and security controls questionnaire.
- Provide guidelines to the project teams and LCAM on how to complete the priority and tailored security control implementation.
- Determine how vulnerability management, identity and access management, audit control, incident response, data loss prevention, zoning, awareness training, and system and services acquisition will be implemented and maintained throughout the Software Development Lifecycle (SDLC) of the ESB and DLN projects.
- Assess architecture diagrams for ESB and DLN and determine if they comply with the Enterprise Architecture (EA) program and security requirements, or if the implemented architecture meets the required confidentiality, integrity, and availability (CIA) levels.
- Review documentation, security questionnaires, and evidence from the project teams prior to Interim Authority to Operate (IATO) and ATO assessments.
- Confirm with the project teams and LCAM that the implemented security controls are properly documented and supported by evidence in accordance with the SA&A process, and identify any weaknesses or deficiencies in security controls, whether implemented or missing.
- Help to prepare and package interim Authority to Operate (iATO) or ATO documentation and evidence, preparing for assessment by the
- Attend biweekly SA&A team status meetings and documentation review sessions, as well as solution/application development team DevOps Sprint meetings, and other ad-hoc team meetings as necessary, contributing input where required.
Required Experience:
- Must have 6+ years of recent experience in the development of Security Assessment and Authorization (SA&A) artefacts for governmental (federal or provincial), para-governmental or related private organizations.
- Must have 6+ years of recent experience with the following:
  - Security Categorization Reports
  - Business Needs Statements for Security Requirements
  - Security Requirements Traceability Matrices
  - Security Concept of Operations
  - Security Assessment Reports, including documented evidence of security control implementation
  - Threat and Risk Assessment Reports
- Must hold a valid Secret Security Clearance (Secret Level II) with the Government of Canada.
- Must have a Certificate, Diploma, or Degree in Computer Science or other relevant field from a recognized Canadian post-secondary institution.
- Must hold an (ISC)² Certified Information Systems Security Professional (CISSP) certification.
- Must hold an ISACA Certified Information Systems Auditor (CISA) certification.
- Must be located in the National Capital Region and able to work a hybrid model in Nepean (2 days a week onsite).
Assets/Preferences:
- Bilingualism in English and French is an asset.
- Additional security-related certificates preferred.