Senior It Security Assessment Consultant (Azure)

About the role

Calian is currently hiring a Senior IT Security TRA Analyst to perform the following duties REMOTELY (Off-site work)

• TBS’s PGS – Policy on Government Security

• Work in line with the following

  
  
  
  

  • TBS’s DSM - Directive on Security Management

    
    
  
  

  • TBS’s PGS – Policy on Government Security

    
    
  
  

  • CSE’s ITSG-33 Guidance

    
    
  
  

  • CSE’s Top 10 IT Security Actions

    
    
  
  

  • Evaluation to be conducted against the Government of Canada Security Control Profile for cloud-based GC Services (4. GC Cloud PBMM Security Control Profile).

    
    
  
  
  
  
• Prepare a final Security Assessment Report summarizing the findings following SRTM evaluation.
• 
  
  • Review the security requirements traceability matrix (SRTM) and evidences
  
  
  
  

• Security Assessment Report

  
  
  
  
  • Prepare a final Security Assessment Report summarizing the findings following SRTM evaluation.
  
  
  
  

• Security Requirements Traceability Matrix (SRTM)

  
  
  
  

  • Evaluate, against the Government of Canada Security Control Profile for GC Services, the current posture of tenant. This will require grading (PASS, FAIL) for each requirement.

    
    
  
  

  • Set clear expectations per control (or group of controls) as to what is required to confirm these controls are in place and functioning as expected.

    
    
  
  
  
  
• TBS’s DSM - Directive on Security Management
• Set clear expectations per control (or group of controls) as to what is required to confirm these controls are in place and functioning as expected.
• Evaluate, against the Government of Canada Security Control Profile for GC Services, the current posture of tenant. This will require grading (PASS, FAIL) for each requirement.
• Set clear expectations per control (or group of controls) of the SRTM as to what is required to confirm these controls are in place and functioning as expected.
• CSE’s Top 10 IT Security Actions
• Evaluation to be conducted against the Government of Canada Security Control Profile for cloud-based GC Services (4. GC Cloud PBMM Security Control Profile).
• Develop/update/maintain the Security Requirements Traceability Matrix (SRTM) and the Security Assessment Report.
• Review the security requirements traceability matrix (SRTM) and evidences
• CSE’s ITSG-33 Guidance

The qualifications

• Threat modeling,
• Statement of Acceptable Risk

• 5+ years’ experience reviewing the following documents

  
  
  
  

  • Statement of Sensitivity,

    
    
  
  

  • Statement of acceptable risk

    
    
  
  

  • Asset Categorization,

    
    
  
  

  • Threat modeling,

    
    
  
  

  • Business Needs for Security,

    
    
  
  

  • Statement of Acceptable Risk

    
    
  
  
  
  
• Identification of residual risk.
• Statement of Sensitivity,
• 10 years’ relevant experience in Security Assessment & Authorization (SA&A) and TRA work
• Experience understanding and applying GC IT Security policies
• Language English
• Business Needs for Security,
• Statement of acceptable risk

• Experience in the development of the following

  
  
  
  

  • IT security controls (ITSG33 based) and applicable safeguards;(based on business requirements)

    
    
  
  

  • Assessment of mitigation strategies;

    
    
  
  

  • Identification of residual risk.

    
    
  
  
  
  
• IT security controls (ITSG33 based) and applicable safeguards;(based on business requirements)
• 5+ years’ direct experience performing SA&A work for Azure and working in cloud environments
• 5+ years’ experience undertaking developing interpreting and applying IT C&A/SA&A methodology and policies instruments.
• 5+ years’ experience working as a TRA Analyst with experience developing and updating TRAs
• Asset Categorization,
• Clearance Secret (mandatory)
• 5+ years’ project experience & direct working knowledge of the GC standards, policies and guidelines and the principles of security and privacy by design.
• 5+ years’ direct experience in the assessment of evidence and writing of formal Security Assessment reports (ITSG-33 based).
• Assessment of mitigation strategies;

Type of Assignment

Contract, Part-time

# #ID-LL1#

Become a part of the Calian team and join over 3,000 professionals working on projects that span Canada, U.S. and international markets. Our capabilities are diverse enabling us to offer professionals career opportunities within business and technology services in health, training, engineering and IT services as well as within the design, manufacturing and maintenance of complex systems to the communications and defence sectors. Founded in 1982, Calian is a Canadian company that is publicly traded on the Toronto Stock Exchange (CGY).

Calian values diversity and is an equal opportunity employer. Calian is committed to being responsive to the diverse needs of its members, employees, and others, by striving to prevent and remove systemic barriers. All qualified individuals are encouraged to apply and we welcome applications from women, visible minorities, Indigenous Peoples, persons with disabilities, persons of diverse sexual orientation, gender identity or expression and others who may contribute to diversity of our organization. We thank all applicants for their interest; however, only candidates under consideration will be contacted. We will provide accommodations during the recruitment process upon request.