Day To Day Job Duties
Conduct technical research and provide expert guidance on Security Assessment & Authorization (SA&A) requirements.
Collaborate with project teams and Life Cycle Application Manager (LCAM) through weekly meetings to track SA&A progress.
Support security evidence collection and develop formal risk and compliance documentation.
Develop and refine SA&A artefacts including CONOPS, SCAR, PoAM, data dictionaries, and security control questionnaires.
Advise project teams on implementation and prioritization of tailored security controls.
Define and validate security processes across SDLC, including:
Vulnerability Management
Identity and Access Management (IAM)
Audit and Logging
Incident Response
Data Loss Prevention (DLP)
Review system architecture for compliance with Enterprise Architecture (EA) and CIA (Confidentiality, Integrity, Availability) requirements.
Assess documentation, questionnaires, and evidence ahead of IATO and ATO approvals.
Identify gaps or deficiencies in implemented security controls and recommend remediation actions.
Prepare and package documentation for IATO/ATO submissions.
Participate in SA&A governance meetings, sprint ceremonies, and cross-functional discussions.
Basic Qualifications
6+ years of experience in Security Assessment & Authorization (SA&A) within government, para-government, or regulated environments.
6+ years of hands-on experience developing:
Security Categorization Reports (SCAR)
Security Requirements Traceability Matrices (SRTM)
Security Concept of Operations (CONOPS)
Security Assessment Reports (SAR)
Threat and Risk Assessments (TRA)
Strong knowledge of security frameworks, compliance standards, and risk management methodologies.
Experience reviewing enterprise and COTS-based system architectures for security compliance.
Proven ability to support ATO/IATO processes and security audits.
Strong stakeholder management and consulting skills.
Bilingual in English and French.
Travel
Minimal travel required: Must be able to work in a hybrid model (2 days per week onsite in Nepean, Ottawa).
Degree
Certificate, Diploma, or Degree in Computer Science, Information Security, or a related field from a recognized post-secondary institution.
Nice To Have
Additional security certifications beyond CISSP and CISA.
Experience with Canadian government security standards and frameworks.
Exposure to Defence or public sector learning systems (e.g., LMS platforms).
Familiarity with DevOps and secure SDLC practices in agile environments.