Cybersecurity Business Specialist (WFH), Secret Cleared
Security minded Business Architect (WFH Ottawa / SECRET)
Our client, an important Federal Government Department (Agency), for an initial 6 month assignment (possibly to extend multi-year) contract, requires the services of one, SECRET Cleared INT or Sr. Cybersecurity Specialist . For the foreseeable future, this is a Work-From-Home (WFH) role, preferably from the Ottawa, ON (but not mandatory).
The Security minded Business Architect will provide project support for IIS’s Security work. The Business Architect will report to the Manager, IT Security and Network Services and work closely with IIS managers, operational team leads, technical staff and other members of the project team.
The Business Architect will perform the following primary activities, but is not limited to:
· Complete a GAP analysis of Agency safeguards and GoC guardrails.
· Formalize the security assessment and authorization (SA&A) processes and approach and ensure that it is appropriately embedded within the IT system development and maintenance lifecycle.
· Implement formal tracking and monitoring of security assessment and authorization activities to be able to report and ensure that recommended safeguards are implemented in a timely manner.
· Define and develop auditing, monitoring, and reporting of security events.
· In collaboration with Information Management, Implement classification, labelling, and handling of Protected files and documents.
· Implement additional security tools, components and features (M365 E5 license) and implement them in Azure and M365.
· Document the process for the monthly Vulnerability Assessment and Vulnerability Management for Agency Cloud tenant.
· Define and document the Data Retention and Disposition schedules and procedures.
· Implement secure Cloud to on-premises connectivity for Records of Business Value (RBV).
· Ensure that data residency requirements in Canada for Protected data are met for all the components in the Microsoft Cloud.
· Investigate if password hash synchronization introduces unacceptable risk to Agency Cloud tenant.
· Ensure that endpoint device management is fully deployed and includes all GC phones and computers with access to the Cloud.
· Develop a departmental Cyber Security Event Management Plan (CSEMP)
· Develop and deliver Security Awareness and Training for users in the Cloud.
· Complete the final versions of the project documentation including the Concept of Operations (ConOps), the Security Requirements Traceability Matrix (SRTM), and the requested evidence to support the security safeguard selection and have senior management sign to approve the Authority to Operate M365.
Hourly pay rate is $90/hr.
For further details and consideration, qualified candidates are encouraged to apply on-line and/or to send resume directly to firstname.lastname@example.org