Senior SA&A to provide guidance on security authorizations (ATO) and on regulations and policies following ITSG-33 guidelines for an RPA/cloud based applic

Ottawa, ON
  • Number of positions to fill: 1

  • To be discussed
  • Contract employment

  • Start date: 1 position to fill as soon as possible

Our valued public sector client is seeking a Senior SA&A to provide guidance on security authorizations (ATO) and on regulations and policies following ITSG-33 guidelines for an RPA/cloud-based application.


Project Description:

Provide SA&A support to re-certify a suite of applications.


Must Have:

  • SA&A (10+ years)
  • RPA [Robotic Process Automation] (1+ year)
  • Cloud security project for Government of Canada (3+ years)


Responsibilities:

  • Review, analyze, create and/or update relevant SA&A documentation such as: Concept of Operation, IT Security Architecture, Statement of Sensitivity, and Statement of Acceptable Risk.
  • Provide subject matter expertise on relevant regulations and policies and relevant frameworks/standards such as ITSG-33, ISO27001, NIST.
  • Capture compliance requirements and a list of outcomes for expected activities in the areas of people, process and technology for the program.
  • Provide operational security experience (SOC, Vulnerability management, Incident Response, Audits, etc.).
  • Provide Security Authorization (“ATO” - the Authority to Operate) by advising and maintaining current security risk management decisions.
  • Support information security incident investigations, and coordinate incident response and reporting.
  • Provide support for internal/external audits and information security assessments by the client.
  • Conduct security testing and evaluation (ST&E) to determine if the technical safeguards are functioning correctly. Assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk.


Nice to Haves:

  • Security Certification (e.g., CISSP, CISA, CISM, ASEA, CCSP)
Requirements

Education level

not determined

Years of experience

not determined

Written languages

not determined

Spoken languages

not determined