IT Risk and Compliance Management Specialist
David Aplin Group
Join a top employer and advance your career. Exciting remote contract opportunity for an experienced IT Risk and Compliance Management Specialist with our Government client based in Winnipeg. This will be a 6-month term to start, with an expected total duration of 24 months.
The IT Risk and Compliance Management Specialist will support the delivery of IT Security and Risk Management activities for a government IT project involving the deployment of solutions in a new Microsoft Azure cloud environment. In this role you will collaborate with IT teams, business stakeholders, and subject matter experts to ensure compliance with applicable security standards, policies, and risk management requirements.
Responsibilities
- Review, analyze, and apply the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails to IT systems during Security Assessment and Authorization (SA&A) activities.
- Review, analyze, and apply applicable government security policies and standards to IT systems as they relate to SA&A.
- Identify personnel, technical, physical, and procedural threats and vulnerabilities within IT networks and security architecture.
- Develop, review, and analyze security-related documentation, including:
  - Data security analysis;
  - Contractual security schedules;
  - Statements of Sensitivity (SoS);
  - Threat and Risk Assessments (TRA);
  - Vulnerability assessments;
  - Risk briefings.
- Conduct SA&A activities, including:
  - Developing SA&A plans;
  - Verifying that security safeguards meet applicable control frameworks, policies, and standards;
  - Validating security requirements across project lifecycle stages;
  - Confirming proper configuration of systems and implementation of safeguards;
  - Conducting security testing and evaluation (ST&E) to verify functionality of technical safeguards;
  - Assessing residual risks to determine if they meet acceptable levels;
  - Reviewing security documents to ensure compliance with control frameworks, policies, and standards, and identifying conditions for approval.
- Develop and document approval processes for key business stakeholders, including interim and final go-live approvals.
- Collaborate with subject matter experts to configure and manage Microsoft Azure cloud infrastructure to meet security and compliance requirements.
- Provide training to IT executives, IT leaders, and business stakeholders on IT Risk and Compliance frameworks, processes, and responsibilities.
- Establish and maintain IT Risk and Compliance reporting mechanisms, including periodic reporting to executives and business stakeholders.
Qualifications
- Bachelor’s degree in Computer Engineering, Computer Science, Commerce, or an equivalent field.
- Minimum of 10 years of experience as an IT Risk and Compliance Management Specialist.
- Minimum of 5 years of experience leading an IT Risk and Compliance Management function.
- Familiarity with security, IT process, and control frameworks such as COBIT, ISO 27002, ITIL, and TOGAF.
- Hands-on experience with Microsoft Azure cloud infrastructure configuration and management.
- Experience implementing the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails.
- Experience with the Government of Canada’s Security Assessment and Authorization (SA&A) process.
- Strong analytical and investigative skills to address complex security and risk issues.
- Excellent organizational, interpersonal, and written communication skills.
- Demonstrated ability to manage multiple priorities under strict deadlines.
- Ability to handle highly confidential matters with discretion.
- Ability to develop and deliver training programs to technical and non-technical stakeholders.
- Clean Criminal Record.
David Aplin & Associates Inc., operating as Aplin, and its associated brands, CompuStaff and Impact Recruitment, is an award-winning employment agency connecting diverse, top-tier talent with exceptional organizations across North America. We welcome applicants from all backgrounds and charge no fees to apply or engage with our recruiters. Our clients partner with us to help expand and diversify their teams. Please note that all applicants must be legally entitled to work in Canada, including holding any necessary work permits.