IT Security Threat and Risk Assessment (TRA) and Certification and Accreditation (C & A) Analyst
About the role
Company Description
ADGA provides strategic vision, world-class technology and service excellence in the areas of defence, security and enterprise computing to clients in the federal government, other levels of government and the private sector. In a world dominated by convergence, ADGA provides the expertise and innovation that organizations need to stay safe, efficient and productive. This is based on an exceptional balance sheet built since 1967, protecting some of Canada's most critical assets. Headquartered in Ottawa, with offices across Canada, ADGA is a privately owned Canadian company employing more than 800 employees, technical consultants and subject matter experts.
Job Description
Our Canadian Federal Government client requires multiple experienced Information Technology Security TRA and C&A Analysts. The Analysts will work with the technical and research staff in following a prescribed process in developing a number of critical path Security Assessment and Authorization (SA&A) documents for approval by Senior Management.
The Information Technology Security TRA and C&A Analysts are required to assist NRC in developing SA & A approval documents for various corporate applications and R&D functions. These include, but are not limited to:
- ERP system (Sigma),
- Microsoft SharePoint,
- Storage systems (NAS/SAN, etc.)
- Research systems made up of multiple types of devices and technologies
- Various database applications
- External facing web applications
- Collaboration platforms
- Intranet applications
- Specialized IT-enabled Research Equipment (SRE)
- Cloud services
Responsibilities include:
- Develop reports such as: Data security analysis, Concepts of operation, Statements of Sensitivity (SoSs), Threat assessments, Risk assessments, IT Security threat, vulnerability and/or risk briefings
- Follow existing process to conduct certification activities
- Participate with working teams in Corporate and Research environments
- Activities may include:
  - Develop Security Assessment Plans
  - Verify that security safeguards meet the applicable policies and standards
  - Validate the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents
  - Verify that security safeguards have been implemented correctly and that assurance requirements have been met
- Confirming that the system has been properly configured, and establishing that the safeguards meet applicable standards
- Conduct security testing and evaluation (ST&E) to determine if the technical safeguards are functioning correctly, Assess the residual risk provided by the risk assessment to determine, survey subject matter experts, and provide return-on-investment analysis on additional safeguards to determine if it meets an acceptable level of risk
- Conduct assessment activities such as review design documents to determine if the system will operate with an acceptable level of risk and that it will comply with GC and departmental policies and standards and identify the conditions under which a system is to operate (for approval purposes).
- Formulate, document, and/or verify Departmental and/or Domain Security Control Profiles;
- Security Categorization Reports;
- IT Security risk management advice/guidance comprised of, but not limited to:
  - ensure compliance, alignment, and conformity of deliverables with Government of Canada (e.g., TBS, CSEC, PS, SSC) IT Security strategies, principles, methodologies, frameworks, programs, policies and instruments (directives, standards, guidelines), and procedures;
  - Recommendations for IT Security risk mitigation and other related deliverables, as required.
  - Recommend remediation plans to senior management to achieve an acceptable risk level.
Qualifications
- A minimum of 5 years of professional work experience within the IT Security field within the last 10 years.
- A minimum of 3 years within the last 5 years working as an Analyst with experience developing and updating Security Assessment and Authorization (SA&As) and Cloud IT Systems for both on-premise and cloud-based IT Systems, which may include: Email systems, Hardware Server Systems, and Security Systems. This must exclude in-house developed software solutions.
- Must demonstrate having authorized a minimum of 10 Security Assessment and Authorization (SA&A) packages for IT systems using the ITSG-33 methodology within the last 5 years.
- Must have completed at least 8 SA&As in a research environment within the last 5 years.
- A minimum of 10 years of recent knowledge and experience in supporting and/or implementing IT enterprise networks and/or IT security systems.
- Must have one or more of the following IT Security Certifications or a degree from an accredited institution:
  - CISSP (Certified Information Systems Security Professional)
  - CAP (Certification and Accreditation Professional)
  - CISM (Certified Information Security Manager)
  - CCSP (Certified Cloud Security Professional)
  - CISA (Certified Information Systems Auditor)
  - CRISC (Certified in Risk and Information Systems Control)
  - Information Security Management Systems auditor
  - CIAPP (Canadian Institute of Access and Privacy Professionals)
  - Degree in Computer Science
Additional Information
Work-Life Balance
We strongly support a healthy and productive work-life balance. This starts with a flexible approach to work, and policies designed to support employees through their day-to-day routines and major life events. For example, we offer a Maternity/Parental Top-Up (up to 52 weeks) and a Reservist Leave Top-Up (up to 180 days).
Belong@ADGA
ADGA continuously strives to integrate advanced Diversity, Equity & Inclusion (DEI) approaches and practices into our work culture. Our employee-based DEI Committee explores activities and invites discussions that foster an environment where all employees feel valued, respected, and heard.
Compensation
Above and beyond our commitment to offer a competitive base salary, ADGA has a company-wide profit-sharing plan for all full-time and part-time employees.
Comprehensive Benefits and Total Rewards
We offer a comprehensive benefit program, providing employees with the choice between base or enhanced plans. Depending on the plan, ADGA pays for Health & Dental, a Health Spending Account, Short-Term Disability, an Employee Assistance Program, and a Telemedicine service. Also offered: discounts on gym memberships, 5,000+ perks through Perkopolis, a Deferred Profit Sharing Plan, and access to a wide range of other employee-centric services and savings programs.
About ADGA Group
ADGA is a proudly Canadian-owned and operated defence and security technology company. Our core services include agile project management and engineering services, software solutions for command and control and simulation systems, and integrated physical and cyber security solutions. Armed with capacity, expertise and passion, ADGA stands ready to support our nation’s Federal Government and Canadian Armed Forces as they advance their operational readiness, reconstitution and modernization initiatives.