Senior IT Security TRA and SA&A Analyst to ensure that new and legacy applications are compliant with current security standards within the public sec

Toronto, ON
  • Number of positions available : 1

  • To be discussed
  • Contract job

  • Starting date : 1 position to fill as soon as possible

Our valued public sector client is seeking a Senior IT Security TRA and SA&A Analyst to ensure that new and legacy applications are compliant with current security standards.


Responsibilities:

  • Conduct information and fact-finding interviews with various stakeholders and SMEs from across the IT and business community.
  • Review, analyze, and/or apply Federal and Departmental IT Security policies, Security Assessment and Authorization processes, and IT Security risk mitigation strategies.
  • Identify personnel, technical, physical, and procedural threats to and vulnerabilities of operating such an environment.
  • Conduct security assessment activities such as: verifying that security safeguards meet the applicable policies, standards and security control profiles; validating the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents; verifying that security safeguards have been implemented correctly and that assurance requirements have been met, which includes confirming that the system has been properly configured and establishing that the safeguards meet applicable standards; evaluating applicable security controls by completing a Security Requirements Traceability Matrix (SRTM) gap analysis to determine if the technical safeguards are functioning correctly; and assessing the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk.
  • Conduct authorization activities such as: review of current and previous assessment results in the design review documentation by the Authorizing Authority to ensure that the system will operate with an acceptable level of risk and that it will comply with the departmental and system security policies and standards, and identification of the conditions under which a system is to operate (for approval purposes). This may include the following types of approvals:
  • Provide approval by both the Operational and the Authorization Authorities to continue secure operation of various legacy systems.
  • Operational written approval for the implemented IT system to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards.
  • Interim authority or temporary written authority to operate and process information under a set of extenuating circumstances where the risk is not yet acceptable, but there is an operational necessity for the system under development.
  • Develop new security assessment standard streams that meet modern requirements.


Must Haves:

  • Active Secret Clearance
  • 10+ years as a Security Assessment and Authorization (SA&A) Analyst
  • 5+ years experience using the Government of Canada (GC) methodology - "IT Security Risk Management: A Lifecycle Approach (ITSG-33)"

Requirements

Level of education

undetermined

Work experience (years)

undetermined

Written languages

undetermined

Spoken languages

undetermined