Senior Secret Cleared Security Architect (10+ Years) to provide advice and guidance on an Enterprise Wide solution within the Public Sector

Our valued Public Sector client is seeking Senior Secret Cleared Security Architect (10+ Years) to provide advice and guidance on an Enterprise wide solution

As the Government of Canada (GC) moves with consolidation and renewal of its Application environment as well as the Information Technology (IT) infrastructure, it will design and implement a more effective and efficient architecture including proper selection and concise implementation of security controls that will result in the creation of numerous architecture views that will further strengthen the security position and posture of a consolidated GC information technology/information systems (IT/IS) environment. A goal of the GC Enterprise Security Architecture (ESA) program is to promote a whole-of government approach and ensure that security is integrated from the outset within current business practices and risks addressed throughout the system life cycle. This includes continuous monitoring of the digital environment which requires consideration of the cyber threat and risk landscape, in order to inform decision-making and influence how the government prioritizes corrective actions across the enterprise to ensure maximum protection of assets. The GC must explore methods to ensure that enterprise risks are effectively identified, managed, and monitored as part of an integrated approach.

Must Haves:

• 10+ years working within the Federal government using IT security controls, or the evaluation of threats and risks, or the interpretation and application of ITSG-33 IT Security Risk Management Framework, for complex, enterprise-wide applications or information systems
• 5+ years with Azure Cloud
• Secret Clearance

Tasks:

• Review project artifacts related to GC enterprise and departmental initiatives and provide comments and recommendations as appropriate;
• Review threat modelling guidance and provide inputs as appropriate;
• Prepare, review and update presentation material required by Working Groups and GC management in support of the establishment of a cyber security operational activities;
• Prepare, review and update security assessment artifacts required to support the client's input in departmental risk assessments.
• Assist in meetings as required by the GC to present, take minutes or provide expertise as necessary; and
• Author, review and update relevant artifacts as required.
• Working with government departments on determining level of risk for various deployments by performing in-depth reviews and solution design gap analysis between existing controls and attack vectors.
• Performing security assessments for various projects that have cloud presence (Azure).
• Reviewing and contributing to Concept of Operations (ConOps), Technical Requirements Document (TRD), Work Intake Form (WIF), Records of Review (ROR) and other documents that are part of Security Assessment and Authorization (SA&A) and are required for obtaining Authority to Operate (ATO).
• Providing input and feedback and preparing required SA&A documentation.
• Advising and informing senior management to ensure applicable security practices and procedures are followed for various projects.
• Advising senior management to enable them to make well informed decisions for each project when it comes to risk assessment and acceptance according to government policies and directives.
• Providing guidance on diverse cybersecurity subjects and engaging in the assessment of information systems across various impact levels, including evaluations of Cloud service solutions