Intermediate TRA and SA&A Analyst to develop security plans and assess their current security infrastructure
S.i. Systems
Ottawa, ON-
Number of positions available : 1
- Salary To be discussed
-
Contract job
- Published on October 30th, 2024
-
Starting date : 1 position to fill as soon as possible
Description
Our Valued Public Sector Client is seeking the services of a Intermediate TRA and SA&A Analyst to develop security plans and assess their current Security infrastructure
Description:
The client is looking for a IT Security TRA and SA&A Analyst who will take a lead role in conducting security assessments and providing support for security assessment and authorization (SA&A) processes.
The Analyst will be responsible taking initiative in coordinating with stakeholders, organizing meetings, and ensuring timely follow-ups without requiring constant direction. This involves ensuring that security risks are identified, managed, and mitigated across CIHR’s IT infrastructure. They will also support updating security policies, procedures, and cyber security incident management processes.
Tasks:
- Creating SA&A plans
- Assisting clients in completing Statements of Sensitivity and System Profile Descriptions
- Conducting Threat and Risk Assessments
- Assessing classified systems and implementing data protection measures
- Assessing systems, cloud infrastructure and SaaS applications in varying IT environments, including complex environments
- Complex environments are characterized by multiple interconnected systems and applications, varied technologies, and may span on-premises and cloud infrastructures, including cloud and multi-zone deployments
- Creating Security Requirements Traceability Matrices based on ITSG-33, while also incorporating requirements from other frameworks as necessary
- Creating Security Assessment Reports, Safeguard Implementation Plans
- Preparing Authorization decision letters
- Evaluating and managing supply chain risks
- Organizing and coordinating meetings/consultations with clients and cross-functional teams of technical and non-technical stakeholders
- Communicating risk assessment and mitigation strategies to both technical and non-technical stakeholders.
- Collaborating with Shared Services Canada (SSC) and the Canadian Centre for Cyber Security (CCCS)
- Updating IT Risk Management Strategy and Departmental Plan & Policies
Must Have:
- 5+ years SA&A and TRA Experience
- Reliability Clearance
- Extensive experience with safeguards and Government of Canada Guardrail (ITSG-33) policies
- 2 years working with the public sector (federal, provincial, or municipal government, or Crown corporation).
Nice to have:
- Certified Information Security Manager (CISM)
- Certified Information System Security Professional (CISSP)
Requirements
undetermined
undetermined
undetermined
undetermined
Other S.i. Systems's offers that may interest you