Title |
Information Technology Security Threat and Risk Assessment (TRA) - Level 3 |
Location |
Hybrid - Ottawa, ON |
Start Date |
10-25-2024 |
Language |
English |
Salary |
Negotiable |
Security Clearance |
Secret Clearance |
Duration |
6 Months |
Date Posted |
10-25-2024 |
Job ID |
13473 |
Recruiter Email |
|
Maplesoft Group is currently seeking an Information Technology Security Threat and Risk Assessment (TRA) - Level 3 consultant for our Federal Government client.
Tasks and Responsibilities include, but are not limited to the following:
• Review, analyze, and/or apply Federal, Provincial or Territorial IT Security
policies, System IT Security Certification & Accreditation processes, IT Security
products, safeguards and best practices, and the IT Security risk mitigation
strategies;
• Identify threats to, and vulnerabilities of operating systems (such as MS, Unix,
Linux, and Novell), and wireless architectures;
• Identify personnel, technical, physical, and procedural threats to and vulnerabilities
of Federal, Provincial or Territorial IT systems;
• Develop reports such as: Data security analysis, Concepts of operation, Statements
of Sensitivity (SoSs), Threat assessments, Privacy Impact Assessments (PIAs),
Non-technical Vulnerability Assessments, Risk assessments, IT Security threat,
vulnerability and/or risk briefings;
• Conduct Certification activities such as: Develop Security Certification Plans,
Verify that security safeguards meet the applicable policies and standards, Validate
the security requirements by mapping the system-specific security policy to the
functional security requirements, and mapping the security requirements through
the various stages of design documents, Verify that security safeguards have been
implemented correctly and that assurance requirement have been met. This
includes confirming that the system has been properly configured, and establishing
that the safeguards meet applicable standards, Conduct security testing and
evaluation (ST&E) to determine if the technical safeguards are functioning
correctly, Assess the residual risk provided by the risk assessment to determine if it
meets an acceptable level of risk;
• Conduct Accreditation activities such as: Review of the certification results in the
design review documentation by the Accreditation Authority to ensure that the
system will operate with an acceptable level of risk and that it will comply with the
departmental and system security policies and standards and identify the
conditions under which a system is to operate (for approval purposes). This may
include the following types of approvals:
• Developmental approval by both the Operational and the Accreditation Authorities
to proceed to the next stage in an IT system's life cycle development if sensitive
information is to be handled by the system during development;
• Operational written approval for the implemented IT system to operate and process
sensitive information if the risk of operating the system is deemed acceptable, and
if the system is in compliance with applicable security policies and standards;
• Interim approval—a temporary written approval to process sensitive information
under a set of extenuating circumstances where the risk is not yet acceptable, but
there is an operational necessity for the system under development.
• Develop and deliver training material relevant to the resource category; and
• Conduct knowledge transfer and coaching of the team members.
Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people. Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.
Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans’ status, Aboriginal peoples or any other legally protected factors.
All employment decisions are made based on business needs, job requirements, and individual qualifications.
We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at info@maplesoftgroup.com.
We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.