Security Clearance: Secret Security Clearance Required
Role and Responsibilities
Our Federal Government client requires a Level 3 Systems Risk Management Specialist for a 2-year contract with an option of 4 additional years.
Qualifications and Experience
- Provide advice, recommendations and support to the implementation and adoption of the new e-Procurement Solution, focusing on mitigating and managing risks associated with system functionality and the security operations of the e-Procurement Solution;
- Research and analyze Treasury Board (TB) policy and directives to identify potential risk areas and level of impact regarding policy compliance of the new e-Procurement Solution; develop mitigation measures and action plan to ensure that the services fully meet TB policy requirements;
- Develop an implementation plan and control process for the new e-Procurement Solution to manage any risks or issues in meeting the GC security requirements and procedures;
- Review vendor’s document, identify and provide advice on the resolution to current and emerging issues in complying with the GC approved certifications and accreditations of the operation of the e-Procurement Solution;
- Provide assistance in the development of long-term strategies in risk management of GC e-Procurement focusing on policy compliance and security/privacy insurance;
- Conduct risk assessment on vendor’s IT network, IM tool, service delivery and operation model for the new e-Procurement Solution and develop risk management plan where appropriate;
- Conduct a risk assessment and develop a strategic contingency plan to ensure the continuity of the e-Procurement Solution in the event of extended hardware outages, major software bugs, or critical operational issues;
- Review and analyze the government security policy and its application to the functional requirements of the new e-Procurement Solution from a national and international perspective and identify any potential compliancy issues the vendor may encounter;
- Conduct a risk assessment, identify specific risks associated with functional modules (e.g. e-bidding, supplier relationship management) of the solution and the overall program objectives, and formulate proper solutions, methodologies, risk mitigation measures and action plan to ensure that the services fully meet GC security and privacy requirements;
- Review vendor’s threat analysis and threat risk assessments and provide recommendations on how to resolve potential issues found through the review; and
- Communicate with clients and internal and external stakeholders to respond to comments and questions on the e-Procurement Solution, especially in the area of security and privacy.
- 10 years of experience within the past 15 years providing advice and making recommendations with regards to the ongoing and emerging system functionality of enterprise wide application(s) or solution(s) as it relates to risk management to ensure a secured operation of the system.
- Ideally, certified in Risk and Information System Control.
- 2 years of experience within the past 10 years, in conducting risk assessment and developing risk mitigation plans, methodologies and strategies for risk management.
- 2 years of experience within the past 10 years, in performing threat analysis and risk assessments for the Federal Government projects/programs.
- 2 years of experience within the past 10 years, in analyzing a government or private sector security policy and providing advice on how to mitigate risks associated with the application of the policy to functional and operational requirements as it relates to the implementation of vendor’s services.
- 2 years of experience, within the past 10 years, in applying the Government of Canada security policy and procedures to a government wide solution.
- 2 years of experience within the past 10 years, in identifying security, privacy and/or operating system risks associated with the functional module of an enterprise solution or the overall implementation objectives of the project.
- 2 years of experience, within the past 10 years, in conducting risk assessments associated with Privacy Impact Assessments within the Government of Canada.
- 1 year of experience working on enterprise electronic procurement systems or a Government of Canada Financial Management Systems in the past 10 years, as a Systems Risk Management Specialist.
- Ideally, holds a valid certification in one of the following:
  - Certified Protection Professional (CPP)
  - Certified Information Systems Secure Professional (CISSP)
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Manager (CISM)
  - Certified ISO 27001 Lead Auditor
  - Global Information Assurance Certification (GIAC).
If you are interested in and available for this full-time opportunity, then please submit your detailed resume for consideration and one of our consultants will be in touch soon to discuss further.