SA&A Specialist

HRBrain

CONTRACT
Canada
Posted 1 year ago

We are looking for an SA&A Specialist! Reach out if you are interested and feel free to refer friends/colleagues!

Type of Employment: Contract
Title: SA&A Specialist
Term: 6-month – 37.5 hours
Location: Remote
Job ID number: C1069

Brief description of duties:

The key duties and responsibilities include, but are not limited to, the following:

  • Define and lead the implementation of an enterprise-wide strategy focused on the reduction of technology risk
  • Develop and maintain Cyber policies, standards, processes, and procedures
  • Review and mature existing Security Assessment and Authorization process
  • Conduct Government of Canada (GOC) security assessments (as an assessor) using the Security Assessment and Authorization (SA&A) process and draft Security Assessment Reports outlining the critical risks and recommending remediation to senior management
  • Develop and maintain a Cyber Risk register including critical assets, vulnerabilities and threats
  • Perform threat modeling exercises on a regular and ad-hoc basis to identify existing and new emerging threats relevant to CDIC
  • Develop Cyber communication plans and content on security awareness and best practices
  • Work with Information Technology (IT), business, internal and external audit teams to perform security and compliance assessments on new and existing systems, processes, and technologies
  • Participate in disaster recovery and business continuity planning and testing
  • Lead efforts to achieve compliance with various frameworks and regulations by consulting and working with the relevant IT and business staff and control owners
  • Perform periodic gap assessments to validate compliance on an ongoing basis to ensure that proper controls are in place and risks are appropriately mitigated.

MUST haves:

The Proposed Assigned Persons (Resources) should have the following requirements, at a minimum:

  • Bachelor’s degree in Information Systems, Cyber Security, or a related field and/or ten (10) years equivalent work experience
  • Three (3+) years of relevant experience in the IT risk, security, compliance or audit field
  • Certification in one or more of the following: CISSP (Certified Information Systems Security Professional); CRISC (Certified in Risk and Information Systems Control)
  • Valid Reliability level security clearance

The following are considered an asset:

  • Extensive hands-on experience in IT security architecture (on prem and Azure Cloud Infrastructure)
  • Extensive hands-on experience in SDLC (DevSecOps) and application security (OWASP)
  • Extensive experience in GOC ITSG-33, ITSG-22, PBMM (Protected B with Medium Integrity and Medium Availability) guidance and controls
  • Experience in conducting GOC Security Assessments (as an assessor) using the SA&A process and drafting Security Assessment Reports outlining the critical risks and recommending remediation to senior management
  • Specialization in IT Security, Forensics, IT Management
  • Certification in one or more of the following: CEH (Certified Ethical Hacker); CCSE (Check Point Certified Expert); CCSP (Certified Cloud Security Professional); Azure Security Engineer Associate; Microsoft 365 Security Administrator Associate; GWEB (GIAC Web Application Defender); CSSLP (Certified Secure Software Lifecycle Professional)
  • Secret level clearance

Job Features

IT risk, security, compliance or audit field: 3+
IT security architecture (on prem and Azure Cloud Infrastructure): 10+
GOC ITSG-33, ITSG-22, PBMM (Protected B with Medium Integrity and Medium Availability) guidance and controls: 10+
