Job Description
IT Cyber Security Specialist (Government Contract)
Location: Onsite – Ottawa, Ontario, Canada
Security Clearance: Active Secret (required)
Salary: $75.00 to $100.00 per hour
Job Type: Contract
Overview
We are seeking an experienced IT Cyber Security Specialist to support Government of Canada (GoC) initiatives. The successful candidate will have strong hands-on experience in Security Assessment & Authorization (SA&A), risk management, and security control assessment within federal environments.
Key Responsibilities
Security Assessment & Authorization (SA&A)
Conduct SA&A activities including Threat Risk Assessments (TRA), Security Impact Assessments (SIA), and Privacy Impact Assessments (PIA)
Capture and document control evidence aligned with ITSG-33, DIM Secure, and CJCR Gp Security Orders
Develop Security Control Traceability Matrix (SRTM/SCTM), Security Assessment Reports (SAR), and Plan of Action & Milestones (POA&M)
Support Authority to Operate (ATO/IATO) processes and documentation
Security Control Assessment & Evidence Capture
Collect and validate evidence for controls such as access management, audit logging, configuration management, and incident response
Assist with secure SDLC integration (static/dynamic code analysis, CI/CD security)
Develop reusable templates for SA&A artefacts and submissions
Risk & Vulnerability Management
And other tasks.
Mandatory Qualifications
CISSP (Certified Information Systems Security Professional) designation (required)
Active Secret security clearance
Minimum 6 SA&A artefacts delivered across at least 3 different artefact types:
SRTM/SCTM
SAR
POA&M
ATO/IATO documentation
Proven hands-on (system-level) SA&A experience within GoC departments/agencies
All experience must be within the past 8 years
Required Experience
1. GoC SA&A Delivery (Hands-On)
Demonstrated system-level execution (not oversight only)
Experience producing SA&A artefacts and supporting ATO processes
2. Cyber Security Risk Management (Governance Level)
Experience in at least 2 of the following areas:
Risk governance (risk registers, risk acceptance, reporting)
Security control program oversight
Policy, standard, or procedure development
Enterprise risk treatment planning (POA&M governance)
(Experience must be within the last 10 years and at enterprise/departmental level.)
3. Security Controls Assessment + TRA + Cloud
4 years conducting security control assessments using ITSG-33 or equivalent (NIST SP 800-53 / ISO 27001/27002 mapping)
Demonstrated experience conducting Threat & Risk Assessments (TRAs)
Experience assessing at least one GoC cloud environment (Azure, AWS, or M365)
Additional Information
Reference checks may be conducted to validate experience, deliverables, and timelines
Only candidates selected for further consideration will be contacted
How to Apply
Please submit your resume to:
jim.nickolson@noramtec.com
Only candidates with the skills will be contracted.
