Sr IT Security Design Specialist to provide expertise on IT security and GC security policy

Our valued public sector client requires the services of a Senior IT Security Design Specialist to provide expertise on IT security and GC security policy.

The Government of Canada (GC) is continuing to make great strides in becoming a digital-first organization.

The organization is looking to improve the GC Information Technology (IT) infrastructure and the user experience by consolidating, modernizing, and standardizing where possible. Priorities to support the delivery of government-wide digital transformation include:

• Ensuring the Government’s network is secure, fast and reliable.
• Providing public servants, the digital tools they need and that support a modern workplace.
• Helping to ensure the health of government systems and the modernization of applications by moving data to the Cloud or modern data centres; and
• Enabling government-wide transformations through the creation of standards, revised services, and a new funding model.

Infrastructure Security Operations (ISO) is responsible for planning, designing, building, operating and maintaining effective, efficient and responsive cyber and IT security infrastructure to protect GC data and technology assets. ISO delivers technical safeguards that protect the government network systems and services by detecting and preventing unauthorized access, misuse, modification and denial of network-accessible resources and data. ISO provides protection through perimeter/border defense services, intrusion detection and prevention services, wired/wireless protection services and web filtering services. End-point protection and security monitoring are done through anti-virus/malware services, end-point management services, event logging and auditing services, and compliance threat and vulnerability assessment infrastructure services.The ISO directorate also provides enterprise-level authentication services to both GC employees and external client communities such as Canadian citizens and businesses. Enterprise Mandated Services comprise Internal and External Credential Management, Government of Canada Internal Credential Management services, Management of Identity, Credential Authentication, and Public Key Infrastructure.

Tasks:

• Provide expertise on information security and GC security policy.
• Develop artifacts related to the technology area for which they have been contracted. This may include the following types of deliverables: SA&A plans, schedules, test/security test strategies, detailed designs for system components, test plan/test results
• Conduct and participate in design reviews.
• Provide architectural input and security design support to the overall design and development processes.
• Provide support to sales and product management groups for all GCSI programme requirements.
• Provide management, mentoring and oversight to the GCSI team; and
• Other related activities as determined by the Authorities.
• Management collateral on all service security and SA&A requirements.
• System and subsystem solution designs compliant with policy, business, security, operational and support requirements.
• Detailed system and subsystem technical, development, integration, interface and build documentation.
• Functional and technical test plans, test cases and test results documentation.
• Technical collateral for cost/benefit analysis and proposals.
• Detailed root cause analysis documentation.
• Detailed Change Request technical analysis documentation; and Operational collateral.
• Work in partnership with all stakeholders to identify technical architecture, challenges, risks, and recommendations for various SSC projects related to the Transformation Programs/Initiatives.
• Collaborate with all stakeholders on the evaluation of any relevant data from service providers, transformation teams, project management build teams and operational teams.
• Program as well as other CITS core transformation programs.
• Conduct analysis of Current State Assessments in support of GC and Cyber and IT Security core transformation programs.
• Produce various security artifacts as needed.
• Participation in related IT Security meetings, discussions and presentations to stakeholders or senior management.
• Document, review and track actions and meetings decisions.
• Perform functional and options analysis in support of program delivery.
• Perform impact analysis with the perspective of an enterprise solution, evaluate and make recommendations.
• Create presentations and present to various stakeholders and facilitate meetings and discussions.
• Provide Security Training & Awareness.
• IT Security requirements support for GC and Cyber and IT Security Transformation Programs
• Review business and IT Security requirements from various SSC programs and initiatives
• Work in partnership with all stakeholders to develop security control profiles based on CSEC ITSG-33 and other related security standards, in support of various projects related to Transformation Programs/Initiatives
• Validate IT Security requirements by mapping business and/or security requirements through the various stages of the Information System Security Implementation Process (ISSIP)
• Analyze and evaluate client requirements and documentation
• Plan, conceptualize, coordinate, and document recommendations for solutions based on client requirements
• Perform impact analysis with the perspective of an enterprise solution, evaluate and make recommendations
• IT Security strategies, frameworks, models, methodologies, roadmaps, plans, heat maps, RACI matrices, policies, instruments
• Security Risk Management, including risk assessment methodologies
• Security Assessment & Authorization (SA&A)
• Develop IT Security policy in the areas of IT security and assurance, standard Certification & Accreditation frameworks for IT systems, information infrastructure protection, product evaluation, privacy, Business Continuity Planning, contingency planning and Disaster Response Planning, Research & Development, and IT Security Service Management
• Per ITSG-33 ISSIP security lifecycle process, determine and document related security controls based on GC, NIST and other guidance for input into Enterprise architecture documents, RFP SOWs, and in order to fulfill the SA&A process

Apply