IT Security Risk Assessor
Monday, December 31, 2018
RHEA Group is currently recruiting an IT Security Risk Assessor for our office in Ottawa, Canada.
Tasks and Activities
- Calculate the residual risk for planned Information Security Management System implementation including the evaluation of security controls.
- Review, analyze, and/or apply risk management methodologies and GC, Provincial or Territorial and private sector IT Security Policies, Procedures, Standards and Guidelines (e.g. ITSG-22-33-38, ISO 27001).
- Conduct safeguard analysis and implementation for the physical protection of personnel and Information System (IS) assets.
- Physical site inspection for security posture assessment and certification.
- Conduct a full Threat Risk Assessment and report all Critical and High security issues in the Statement of Applicability.
- Identify and analyze physical threats to, and vulnerabilities of networks.
- Conduct activities related to authorization and authentication in physical and logical environments.
- Complete tasks directly supporting the departmental IT Security and Cyber Protection Program.
- Develop and deliver training material relevant to the resource category.
- Review, analyze, and/or apply IT Security methodologies, programs, policies, procedures, standards, guidelines, and IT Security Risk Management methodologies.
- Develop IT Security standards, procedures and guidelines pursuant to the requirements of The National Security Policy, Policy on Government Security, supporting operational standards (e.g., MITS), departmental/agency security policy, and other relevant standards, procedures and guidelines.
- Develop IT Security policy in the areas of IT security and assurance, standard Certification & Accreditation frameworks for IT systems, information infrastructure protection, product evaluation, privacy, Business Continuity Planning, contingency planning and Disaster Response Planning, Research & Development.
- Develop IT Security risk assessment methodologies for application to Government of Canada and private sector companies and institutions.
Skills and Experience
The following skills and experience are mandatory:
- You have a University or College Degree
- You have a valid Government of Canada Security Clearance Secret or higher
The following skills would be highly desirable:
- You have ISO 27001:2013 Foundations Course
- You are ITIL Certified
- You possess CISSP certification
- You have CompTIA Network+ and/or Security+ certification
- You speak French and English