Senior IT Security Analyst to provide guidance on security authorization (ATO) and on regulations, policies and relevant frameworks/standards such as ITSG-33, ISO27001, NIST, for a government client.
Job Type: Contract
Positions to fill: 1
Start Date: Sep 19, 2022
Job End Date: Sep 19, 2023
Pay Rate: Daily: Negotiable
Job ID: 122266
Location: Ottawa
Our Valued Public Sector Client is seeking a Senior IT Security Analyst to provide guidance on security authorization (ATO) and on regulations, policies and relevant frameworks/standards such as ISO27001, NIST, ITSG-33 for a government client.
Tasks Preformed:
Nice to Haves:
Tasks Preformed:
- Provide Security Authorization (“ATO” - the Authority to Operate) by advising and maintaining current security risk management decisions.
- Provide subject matter expertise on relevant regulations and policies and relevant frameworks/standards such as ITSG-33. ISO27001, NIST.
- Capture compliance requirements and a list of outcomes for expected activities in the areas of people, process and technology for the program;
- Provide operational security experience (SOC, Vulnerability management, Incident Response, Audits, etc.).
- Review, analyze, create and/or update relevant SA&A documentation such as: Concept of Operation, IT Security Architecture, Statement of Sensitivity, and Statement of Acceptable Risk.
- Provide guidance and proper documentation to department on main requirements of TBS policy related to IT Security, IT Security risk management, and assist in protecting information systems in compliance with government legislation/ TBS policies.
- Support information security incidents investigation, coordinate incident response and reporting
- Provide support for internal/external audit and information security assessments by client
- Develop policies, standards, processes and procedures guidelines and other related documentation for Security Monitoring.
- Assist in prioritizing gaps and remediation efforts;
- Assist in managing operational risks and monitor risk mitigation activities;
Nice to Haves:
- CISSP – Certified Information Systems Security Professional
- CISA – Certified Information Systems Auditor
- CISM – Certified Information Security Manager
