IT Security Analyst

Saransh Inc


Job Location:

Ottawa - Canada

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description:

The Business Consultant IT Security will act as a trusted security consultant, providing expert advisory and hands-on support across Security Assessment & Authorization (SA&A) initiatives. The role focuses on guiding project teams through complex security compliance requirements, shaping security architecture decisions, and ensuring successful attainment of Authority to Operate (ATO). This position requires strong stakeholder engagement, risk-based decision-making, and the ability to translate security frameworks into practical implementation within enterprise and COTS-based environments.

Day to Day Job Duties:

Conduct technical research and provide expert guidance on Security Assessment & Authorization (SA&A) requirements.

Collaborate with project teams and Life Cycle Application Manager (LCAM) through weekly meetings to track SA&A progress.

Support security evidence collection and develop formal risk and compliance documentation.

Develop and refine SA&A artefacts, including CONOPS, SCAR, PoAM, data dictionaries, and security control questionnaires.

Advise project teams on implementation and prioritization of tailored security controls.

Define and validate security processes across SDLC, including:

Vulnerability Management

Identity and Access Management (IAM)

Audit and Logging

Incident Response

Data Loss Prevention (DLP)

Review system architecture for compliance with Enterprise Architecture (EA) and CIA (Confidentiality, Integrity, Availability) requirements.

Assess documentation, questionnaires, and evidence ahead of IATO and ATO approvals.

Identify gaps or deficiencies in implemented security controls and recommend remediation actions.

Prepare and package documentation for IATO/ATO submissions.

Participate in SA&A governance meetings, sprint ceremonies, and cross-functional discussions.

Basic Qualifications:

6 years of experience in Security Assessment & Authorization (SA&A) within government, para-government, or regulated environments.

6 years of hands-on experience developing:

Security Categorization Reports (SCAR)

Security Requirements Traceability Matrices (SRTM)

Security Concept of Operations (CONOPS)

Security Assessment Reports (SAR)

Threat and Risk Assessments (TRA)

Strong knowledge of security frameworks, compliance standards, and risk management methodologies.

Experience reviewing enterprise and COTS-based system architectures for security compliance.

Proven ability to support ATO/IATO processes and security audits.

Strong stakeholder management and consulting skills.

Bilingual in English and French.

Travel:

Minimal travel required: Must be able to work in a hybrid model (2 days per week onsite in Nepean, Ottawa).

Degree:

Certificate, Diploma, or Degree in Computer Science, Information Security, or a related field from a recognized post-secondary institution.

Nice to Have:

Additional security certifications beyond CISSP and CISA.

Experience with Canadian government security standards and frameworks.

Exposure to Defence or public sector learning systems (e.g. LMS platforms).

Familiarity with DevOps and secure SDLC practices in agile environments.
