Senior IT Security TRA and C&A Analyst

Position Overview

Calian ITCS is currently seeking a Senior IT Security TRA Analyst for an opportunity to perform the following duties:

Responsibilities

• Review business and IT Security requirements from various programs and initiatives;
• Work in partnership with all stakeholders to develop security control profiles based on CSE ITSG-33 and other related security standards, in support of various projects related to Secret Programs/Initiatives;
• Validate IT Security requirements by mapping business and/or security requirements through the various stages of the Information System Security Implementation Process (ISSIP);
• Analyze and evaluate client requirements and documentation;
• Plan, conceptualize, coordinate, and document recommendations for solutions based on client requirements;
• Perform functional and options analysis in support of program/service delivery;
• Perform impact analysis with the perspective of an enterprise solution, evaluate and make recommendations;
• Review/analyze various Secret initiative deliverables and ensure compliance, alignment, and conformity of deliverables with Government of Canada IT Security strategies, principles, methodologies, frameworks, programs, policies and instruments (directives, standards, guidelines), and procedures;
• Develop IT security controls, select and implement applicable safeguards for Cross Domain solutions that comply with the National Cross Domain Strategy Management Office Raise-the-Bar (NCDSMO and RTB) guidelines;
• Develop security requirements, completing security assurance and authorization tasks and obtaining authority to operate a Cross Domain solution.

Qualifications

• Clearance: Secret (mandatory)
• Language: English
• 10 years’ relevant experience in Security Assessment & Authorization (SA&A) and TRA work;
• 10+ years' relevant experience in reviewing, analyzing, and applying Government of Canada (GoC) IT Security policies, guidelines, and standards, within a Government of Canada classified enterprise system;
• 5+ years’ direct experience in the development of IT security controls (based on ITSG-33 and/or NIST SP 800-53) and the selection and implementation of applicable safeguards, aligned with business requirements, for a Government of Canada (GoC) classified enterprise system;
• 5+ years’ direct experience with the development, interpretation, and application of IT SA&A methodologies, policies, and instruments for a Government of Canada (GoC) classified enterprise system;
• 5+ years direct experience with developing key security documentation for a Government of Canada (GoC) classified system, including business needs for security, system security plan, threat assessment, threat risk assessment (TRA), risk assessment, statement of sensitivity, privacy impact assessment (PIA), and security categorization report.