IT Security TRA and C&A Analyst

Title

IT Security TRA and C&A Analyst (Level 3)

Location

Remote

Start Date

Language

English

Salary

Negotiable

Security Clearance

Secret Clearance (Level II)

Duration

12 Months

Date Posted

Job ID

13974

Recruiter Email

Maplesoft Group is currently seeking a Remote IT Security TRA and C&A Analyst (Level 3) for our Federal Government client.

Tasks and Responsibilities include, but are not limited to the following:

• Developing security documentation in support of security assessment and authorization, in

accordance with the Communications Security Establishment (CSE) guidance, including ITSG-33

'IT Security Risk Management: A Lifecycle Approach'. This includes security categorization,

business needs for security, security concept of operations, security control profiles, detailed

diagrams, security documentation, security test plans, and results.

• Developing IT Security policies, procedures, directives, standards, guidelines, and awareness

materials, including staff training.

• Defining IT Security roles and responsibilities within the organization.

• Developing security architectures and associated documentation.

• Delivering risk management documentation for programs, systems, or services, such as

Certification Plans, Threat and Risk Assessments (TRAs), Privacy Impact Assessments (PIAs),

Certification Reports, Technical Vulnerability Assessments, etc.

• Delivering system development documentation for programs, systems, or services, such as

Concepts of Operation, Security Architectures, and Security Requirements Definitions.

• Providing IT security advice and guidance, including the review, analysis, and application of

Federal, Provincial, or Territorial IT Security policies, IT Security products, best practices, and risk

mitigation strategies

• Providing IT operational support services related to incident management, including monitoring,

response, and recovery.

• Conducting vulnerability assessments, including identification of threats to operating systems (e.g.,

MS, Unix, Linux, Novell), wireless architectures, and personnel, technical, physical, and procedural

vulnerabilities.

Conducting certification activities, including:

• Developing Security Certification Plans,
• Verifying that security safeguards meet applicable policies and standards,
• Validating security requirements through design stages,
• Conducting Security Testing and Evaluation (ST&E),
• Assessing residual risk to determine acceptability.

Conducting accreditation activities, including:

• Reviewing certification results for design documentation,
• Granting developmental, operational, or interim approvals based on acceptable risk levels and

compliance with security policies and standards.

• Developing privacy-related policies and implementing a privacy governance framework.
• Conducting Privacy Impact Assessments (PIAs) and Preliminary Privacy Impact Assessments

(PPIAs) in accordance with Government of Canada requirements

• Providing coaching and training to internal staff to develop their capacity in TRA and C&A analysis,

including developing staff's skills and knowledge in IT Security TRA and C&A Analyst best

practices, tools, and methodologies, with the goal of creating internal subject matter experts to

support ongoing IT security assessments and authorizations.

Maplesoft Group prides itself on its distinct corporate culture and recognizes that success is a direct reflection of our most valuable asset - our people. Therefore, attitude and ambition are key personality traits we seek out, along with skill and aptitude, in potential employees.

Maplesoft Group is committed to having a diverse, representative workforce and continuing to build an inclusive environment. We encourage applications from all qualified individuals. Maplesoft Group is an equal opportunity employer committed to diversity and inclusion. We are pleased to consider all qualified applicants irrespective of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veterans' status, Aboriginal peoples or any other legally protected factors.

All employment decisions are made based on business needs, job requirements, and individual qualifications.

We are committed to developing inclusive, barrier-free recruitment and selection processes, and a work environment that supports our diverse workforce. Please let us know if you require accommodations at any stage of the recruitment process. We can be reached at Maplesoft Info at

We thank you for your interest in Maplesoft Group and wish to advise you, that only candidates under consideration will be contacted.