TRA & SA&A Analyst

TRM Technologies, Inc.

$90K — $120K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of experience in Threat and Risk Assessment and Security Authorization/Accreditation (C&A)
  • Strong knowledge of IT Security policies and standards at federal and provincial levels
  • Proficiency in analysis of threats and vulnerabilities in various operating systems
  • Experience in developing comprehensive security documentation and risk assessments
  • Familiarity with Certification and Accreditation processes for IT systems

Responsibilities

  • Review and apply IT Security policies and risk mitigation strategies
  • Identify threats and vulnerabilities in operating systems and wireless architectures
  • Develop various security documentation including threat assessments and privacy impact assessments
  • Conduct security certification and accreditation activities
  • Provide training material development and delivery relevant to IT security

Benefits

  • Work in a secure and highly impactful role
  • Opportunity to engage with federal and provincial IT security policies
  • Develop a specialization in advanced security analysis and risk management
  • Collaborate with government agencies on sensitive information handling
  • Contribute to shaping IT security standards and practices in Canada
Full Job Description
Location Ottaw Language English Required Security Clearance Secret Security Clearance Required

We are actively looking for Information Technology Security TRA and C&A Analysts with 10 + years of Threat and Risk / SA&A / C&A Experience.

Responsibilities could include but are not limited to

  • Review, analyze, and/or apply Federal, Provincial or Territorial IT Security policies, System IT Security Certification & Accreditation processes, IT Security products, safeguards and best practices, and the IT Security risk mitigation strategies
  • Identify threats to, and vulnerabilities of operating systems (such as MS, Unix, Linux, and Novell), and wireless architectures
  • Identify personnel, technical, physical, and procedural threats to and vulnerabilities of Federal, Provincial or Territorial IT systems
  • Develop reports such as: Data security analysis, Concepts of operation, Statements of Sensitivity (SoSs), Threat assessments, Privacy Impact Assessments (PIAs), Non-technical Vulnerability Assessments, Risk assessments, IT Security threat, vulnerability and/or risk briefings
  • Conduct Certification activities such as: Develop Security Certification Plans, Verify that security safeguards meet the applicable policies and standards, Validate the security requirements by mapping the system-specific security policy to the functional security requirements, and mapping the security requirements through the various stages of design documents, Verify that security safeguards have been implemented correctly and that assurance requirement have been met. This includes confirming that the system has been properly configured, and establishing that the safeguards meet applicable standards, Conduct security testing and evaluation (ST&E) to determine if the technical safeguards are functioning correctly, Assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk
  • Conduct Accreditation activities such as: Review of the certification results in the design review documentation by the Accreditation Authority to ensure that the system will operate with an acceptable level of risk and that it will comply with the departmental and system security policies and standards and identify the conditions under which a system is to operate (for approval purposes). This may include the following types of approvals:
    • Developmental approval by both the Operational and the Accreditation Authorities to proceed to the next stage in an IT system's life cycle development if sensitive information is to be handled by the system during development
    • Operational written approval for the implemented IT system to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards
    • Interim approval-a temporary written approval to process sensitive information under a set of extenuating circumstances where the risk is not yet acceptable, but there is an operational necessity for the system under development
  • Develop and deliver training material relevant to the resource category

We would like to thank all those who apply, but we will only contact those candidates selected for an interview.

Similar Jobs

More Jobs at TRM Technologies, Inc.

  • Project Manager
    $80K — $110K *
    Remote
    Education, Government & Non-Profit
    Remote in Ottawa, ON
  • Project Manager
    $80K — $100K *
    Ottawa, ON K1G 3J6
    Education, Government & Non-Profit
    In-Person
  • Programmer / Analyst
    $75K — $95K *
    Ottawa, ON K1G 3J6
    Information Technology
    In-Person
  • Programmer / Analyst
    $75K — $95K *
    Remote
    Education, Government & Non-Profit
    Remote in Ottawa, ON
  • Multiple AI Roles
    $90K — $120K *
    Ottawa, ON K1G 3J6
    Information Technology
    In-Person

More Information Technology Jobs

Find similar TRA & SA&A Analyst jobs: