SA&A Specialist
HRBrain
CONTRACT
Canada
Posted 2 years ago
We are looking for an SA&A Specialist! Reach out if you are interested and feel free to refer friends/colleagues!
Type of Employment: Contract
Title: SA&A Specialist
Term: 6-month – 37.5 hours
Location: Remote
Job ID number: C1069
Brief description of duties:
The key duties and responsibilities include, but are not limited to, the following:
- Define and lead the implementation of an enterprise-wide strategy focused on the reduction of technology risk
- Develop and maintain Cyber policies, standards, processes, and procedures
- Review and mature existing Security Assessment and Authorization process
- Conduct Government of Canada (GOC) security assessments (as an assessor) using the Security Assessment and Authorization (SA&A) process and draft Security Assessment Reports outlining the critical risks and recommending remediation to senior management
- Develop and maintain a Cyber Risk register including critical assets, vulnerabilities and threats
- Perform threat modeling exercises on a regular and ad-hoc basis to identify existing and new emerging threats relevant to CDIC
- Develop Cyber communication plans and content on security awareness and best practices
- Work with Information Technology (IT), business, internal and external audit teams to perform security and compliance assessments on new and existing systems, processes, and technologies
- Participate in disaster recovery and business continuity planning and testing
- Lead efforts to achieve compliance with various frameworks and regulations by consulting and working with the relevant IT and business staff and control owners
- Perform periodic gap assessments to validate compliance on an ongoing basis, ensuring that proper controls are in place and risks are appropriately mitigated
MUST haves:
The Proposed Assigned Persons (Resources) should have the following requirements, at a minimum:
- Bachelor's degree in Information Systems, Cyber Security, or a related field, and/or ten (10) years of equivalent work experience
- Three (3+) years of relevant experience in the IT risk, security, compliance or audit field
- Certification in one or more of the following: CISSP (Certified Information Systems Security Professional); CRISC (Certified in Risk and Information Systems Control)
- Valid Reliability level security clearance
The following are considered an asset:
- Extensive hands-on experience in IT security architecture (on prem and Azure Cloud Infrastructure)
- Extensive hands-on experience in the SDLC (DevSecOps) and application security (OWASP)
- Extensive experience in GOC ITSG-33, ITSG-22, PBMM (Protected B with Medium Integrity and Medium Availability) guidance and controls
- Experience in conducting GOC Security Assessments (as an assessor) using the SA&A process and drafting Security Assessment Reports outlining the critical risks and recommending remediation to senior management
- Specialization in IT Security, Forensics, IT Management
- Certification in one or more of the following: CEH (Certified Ethical Hacker); CCSE (Check Point Certified Expert); CCSP (Certified Cloud Security Professional); Azure Security Engineer Associate; Microsoft 365 Security Administrator Associate; GWEB (GIAC Web Application Defender); CSSLP (Certified Secure Software Lifecycle Professional)
- Secret level clearance
Job Features

| Experience area | Years |
|---|---|
| IT risk, security, compliance or audit field | 3+ |
| IT security architecture (on prem and Azure Cloud Infrastructure) | 10+ |
| GOC ITSG-33, ITSG-22, PBMM (Protected B with Medium Integrity and Medium Availability) guidance and controls | 10+ |