Security Design Specialist

Maplesoft Group is currently seeking a Security Design Specialist (Level 3) for our Federal Government client.

The following responsibilities are associated with the “Statement of Work” but are not limited to:
Primary Responsibilities

1. Provide expertise on information security and GC security policy.

2. Develop artifacts related to the technology area for which they have been contracted.

This may include the following types of deliverables:
SA&A Plans

Schedules

Test/Security test strategies

Detailed Designs for system components

Test Plans/Test Results

3. Conduct and participate in design reviews.

4. Provide architectural input and security design support to the overall design and

development processes.

5. Provide support to sales and product management groups for all GCSI programme

requirements.

6. Provide management, mentoring and oversight to the GCSI team; and

7. Other related activities as determined by the SSC Authorities.

8. Management collateral on all service security and SA&A requirements.

9. System and subsystem solution designs compliant with policy, business, security,

operational and support requirements.

10. Detailed system and subsystem technical, development, integration, interface and build

documentation.

11. Functional and technical test plans, test cases and test results documentation.

12. Technical collateral for cost/benefit analysis and proposals.

13. Detailed root cause analysis documentation.

14. Detailed Change Request technical analysis documentation; and Operational collateral.

15. Work in partnership with all stakeholders to identify technical architecture, challenges,

risks, and recommendations for various projects related to the Transformation

Programs/Initiatives.

16. Collaborate with all stakeholders on the evaluation of any relevant data from service

providers, transformation teams, project management build teams and operational teams.

17. Program as well as other CITS core transformation programs.

18. Conduct analysis of Current State Assessments in support of GC and Cyber and IT

Security core transformation programs.

19. Produce various security artifacts as needed.

20. Participation in related IT Security meetings, discussions and presentations to

stakeholders or senior management.

21. Document, review and track actions and meetings decisions.

22. Perform functional and options analysis in support of program delivery.

23. Perform impact analysis with the perspective of an enterprise solution, evaluate and make

recommendations.

24. Create presentations and present to various stakeholders and facilitate meetings and

discussions.

25. Provide Security Training & Awareness.

26. IT Security requirements support for GC and Cyber and IT Security Transformation

Programs comprised of, but not limited to:
Review business and IT Security requirements from various programs and

initiatives

Work in partnership with all stakeholders to develop security control profiles based

on CSEC ITSG-33 and other related security standards, in support of various

projects related to Transformation Programs/Initiatives

Validate IT Security requirements by mapping business and/or security

requirements through the various stages of the Information System Security

Implementation Process (ISSIP)

Analyze and evaluate client requirements and documentation

Plan, conceptualize, coordinate, and document recommendations for solutions

based on client requirements

Perform functional and options analysis in support of program delivery

Perform impact analysis with the perspective of an enterprise solution, evaluate

and make recommendations.

27. IT Security strategies, frameworks, models, methodologies, roadmaps, plans, heat maps,

RACI matrices, policies, instruments in the areas of, but not limited to:
Security Risk Management, including risk assessment methodologies

Security Assessment & Authorization (SA&A)

Security Program Management and Governance, including organizational and/or

functional design or review, and IS and/or ITS program-level compliance reporting

Review/analyze various SSC and/or TBS transformation initiative deliverables and

ensure compliance, alignment, and conformity of deliverables with Government of

Canada IT Security strategies, principles,

methodologies, frameworks, programs, policies and instruments (directives,

standards, guidelines), and procedures

Develop IT Security standards, procedures, and guidelines pursuant to the

requirements of Canada’s National Security Policy, Treasury Board Secretariat’s

Policy on Government Security, and supporting operational standards (e.g., MITS),

departmental/agency security policy, and other relevant standards, procedures,

and guidelines

Develop IT Security policy in the areas of IT security and assurance, standard

Certification & Accreditation frameworks for IT systems, information infrastructure

protection, product evaluation, privacy, Business Continuity Planning,