IT Security Analyst
Saransh Inc
Job Description
Job Description The Business Consultant IT Security will act as a trusted security consultant, providing expert advisory and handsâon support across Security Assessment & Authorization (SA&A) initiatives. The role focuses on guiding project teams through complex security compliance requirements, shaping security architecture decisions, and ensuring successful attainment of Authority to Operate (ATO). This position requires strong stakeholder engagement, riskâbased decisionâmaking, and the ability to translate security frameworks into practical implementation within enterprise and COTSâbased environments.
Day To Day Job Duties Conduct technical research and provide expert guidance on Security Assessment & Authorization (SA&A) requirements. Collaborate with project teams and Life Cycle Application Manager (LCAM) through weekly meetings to track SA&A progress. Support security evidence collection and develop formal risk and compliance documentation.
Develop and refine SA&A artefacts including CONOPS, SCAR, PoAM, data dictionaries, and security control questionnaires. Advise project teams on implementation and prioritization of tailored security controls. Define And Validate Security Processes Across SDLC, Including Vulnerability Management Identity and Access Management (IAM) Audit and Logging Incident Response Data Loss Prevention (DLP) Review system architecture for compliance with Enterprise Architecture (EA) and CIA (Confidentiality, Integrity, Availability) requirements.
Assess documentation, questionnaires, and evidence ahead of IATO and ATO approvals. Identify gaps or deficiencies in implemented security controls and recommend remediation actions. Prepare and package documentation for IATO/ATO submissions.
Participate in SA&A governance meetings, sprint ceremonies, and crossâfunctional discussions. Basic Qualifications 6+ years of experience in Security Assessment & Authorization (SA&A) within government, paraâgovernment, or regulated environments. 6+ years of handsâon experience developing: Security Categorization Reports (SCAR) Security Requirements Traceability Matrices (SRTM) Security Concept of Operations (CONOPS) Security Assessment Reports (SAR) Threat and Risk Assessments (TRA) Strong knowledge of security frameworks, compliance standards, and risk management methodologies. Experience reviewing enterprise and COTSâbased system architectures for security compliance.
Proven ability to support ATO/IATO processes and security audits. Strong stakeholder management and consulting skills. Bilingual in English and French.
Travel Minimal travel required: Must be able to work in a hybrid model (2 days per week onsite in Nepean, Ottawa). Degree Certificate, Diploma, or Degree in Computer Science, Information Security, or a related field from a recognized postâsecondary institution. Nice To Have Additional security certifications beyond CISSP and CISA.
Experience with Canadian government security standards and frameworks. Exposure to Defence or public sector learning systems (e.g., LMS platforms). Familiarity with DevOps and secure SDLC practices in agile environments. #J-18808-Ljbffr