IT Security Risk Assessor

Application deadline
Monday, December 31, 2018
Reference number
Apply now

RHEA Group is currently recruiting an IT Security Risk Assessor for our office in Ottawa, Canada.

Tasks and Activities
  • Calculate the residual risk for planned Information Security Management System implementation including the evaluation of security controls.
  • Review, analyze, and/or apply risk management methodologies and GC, Provincial or Territorial and private sector IT Security Policies, Procedures, Standards, Guidelines. e.g. ITSG-22-33-38, ISO 27001.
  • Conduct safeguard analysis and implementation for the physical protection of personnel and Information System (IS) assets.
  • Physical site inspection for security posture assessment and certification.
  • Conduct a full Threat Risk Assessment, report all Critical and High-security issues in the Statement of Applicability.
  • Identify and analyze physical threats to, and vulnerabilities of networks.
  • Conduct activities related to authorization and authentication in physical and logical environments.
  • Complete tasks directly supporting the departmental IT Security and Cyber Protection Program.
  • Develop and deliver training material relevant to the resource category.
  • Review, analyze, and/or apply IT Security methodologies, programs, policies, procedures, standards, guidelines, and IT Security Risk Management methodologies.
  • Develop IT Security standards, procedures and guidelines pursuant to the requirements of The National Security Policy, Policy on Government Security, supporting operational standards (e.g., MITS), departmental/agency security policy, and other relevant standards, procedures and guidelines.
  • Develop IT Security policy in the areas of IT security and assurance, standard Certification & Accreditation frameworks for IT systems, information infrastructure protection, product evaluation, privacy, Business Continuity Planning, contingency planning and Disaster Response Planning, Research & Development.
  • Develop IT Security risk assessment methodologies for application to Government of Canada and private sector companies and institutions.
Skills and Experience

The following skills and experience are mandatory:

  • You have an University or College Degree
  • You have a valid Government of Canada Security Clearance Secret or higher

The following skills would be highly desirable:

  • You have ISO 27001:2013 Foundations Course
  • You are ITIL Certified
  • You possess CISSP certification
  • Comp TIA network and or security plus certification
  • You speak French and English


One file only.
10 MB limit.
Allowed types: txt pdf odt doc docx.