Senior Security Assessment & Authorization; SA&A Specialist

Responsibilities

• Perform Security Assessment and Authorization (SA&A) activities, including Threat and Risk Assessments (TRA), Security Impact Assessments (SIA) and Privacy Impact Assessments (PIA).
• Assess, document, and validate security control implementation and evidence in accordance with ITSG-33, DIMSecur, CJCR Security Orders and related standards.
• Identify security gaps, conduct risk and vulnerability assessments and develop Plans of Action and Milestones (POA&M).
• Perform risk modeling and comparative control analysis against GC, NIST and ISO/IEC security frameworks, ensuring compliance with applicable legislation and policy instruments.
• Support system interconnections, secure SDLC practices and security testing across cloud and on-premises environments.
• Develop and maintain continuous monitoring strategies, including automated evidence capture.
• Lead incident response and contingency planning activities, including tabletop exercises and readiness testing.
• Develop and deliver training, guidance and awareness on security controls, SA&A processes and evidence capture.
• Create and maintain standardized templates and documentation for risk assessments, security controls and authorization packages.
• Contribute to departmental operations and governance, including policy development, performance reporting, strategic analysis and internal advisory support.

• 10+ years of experience (within the last 12 years) performing SA&A for a large organization (20,000+ users) in the Government of Canada, within the Defense or Public Safety domain.
• 15+ years of experience in cybersecurity risk management, including security control assessment and documentation, policy development and Security Assessment & Authorization management.
• 10+ years of experience securing and assessing systems using GC ITSG-33, NIST SP 800-53, and ISO/IEC 27001/27002, including conducting Threat and Risk Assessments (TRAs) and Privacy Impact Assessments (PIAs) for cloud and on-premises environments.
• CISSP certification
• Graduate Certificate in Information Systems Security
• Secondary school diploma, plus a certificate, diploma, or degree in a relevant field from a recognized Canadian post-secondary institution, or an acceptable combination of education, training and experience

We do not use artificial intelligence (AI) tools to screen, assess, or select applicants at any stage of our recruitment process. All applications are reviewed by our recruitment team.

OXARO is committed to fostering an inclusive, equitable and respectful workplace where every individual feels valued and empowered to contribute their best. We believe that diversity drives innovation and strengthens our ability to serve our clients and communities. We are dedicated to ensuring a fair and unbiased recruitment process and welcome applications from members of the four designated groups under the Employment Equity Act: women, Indigenous peoples, persons with disabilities and members of visible minorities.

Accommodations are available upon request for candidates taking part in all aspects of the recruitment process.

We sincerely thank all applicants for their interest in this opportunity. While we appreciate every application, only those selected for an interview will be contacted.