Senior SA&A to provide guidance on security authorizations (ATO) and on regulations, policies following ITSG-33 guidelines for a RPA/cloud based applic

Our Valued Public Sector Client is seeking a Senior SA&A to provide guidance on security authorizations (ATO) and on regulations, policies following ITSG-33 guidelines for a RPA/cloud based application.

Project Description:

Provide SA&A support to re-certify a suite of applications.

Must Have:

• SA&A (10+ years)
• RPA [Robotic Process Automation] (1+ year)
• Cloud security project for Government of Canada (3+ years)

Responsibilities:

• Review, analyze, create and/or update relevant SA&A documentation such as: Concept of Operation, IT Security Architecture, Statement of Sensitivity, and Statement of Acceptable Risk.
• Provide subject matter expertise on relevant regulations and policies and relevant frameworks/standards such as ITSG-33. ISO27001, NIST.
• Capture compliance requirements and a list of outcomes for expected activities in the areas of people, process and technology for the program;
• Provide operational security experience (SOC, Vulnerability management, Incident Response, Audits, etc.).
• Provide Security Authorization (“ATO” - the Authority to Operate) by advising and maintaining current security risk management decisions.
• Support information security incidents investigation, coordinate incident response and reporting
• Provide support for internal/external audit and information security assessments by client
• Conduct security testing and evaluation (ST&E) to determine if the technical safeguards are functioning correctly, Assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk

Nice to Haves:

• Security Certification (ex: CISSP, CISA, CISM, ASEA, CCSP)