Overview
Compensation information provided in the description
Full Time
Skills
Public Health
IT Security
Project Development
Delegation
Technology Assessment
Recovery
Authorization
Estimating
SAP BASIS
Customer Relationship Management (CRM)
Project Scoping
Procurement
SOW
Traceability Matrix
Reporting
SAR
Security Analysis
Risk Management
Regulatory Compliance
Risk Assessment
Risk Analysis
Cyber Security
Security Controls
Cloud Computing
Auditing
Information Security
Job Details
Contract Position
Client: Health Canada
Duration: 3 months w/ possibility of extension
Role: SA&A
Start date: January 2026
Top Requirements:
1. 10 + years experience as a Information Technology Security TRA & CA Analyst creating & reviewing SA&A documents (SA&A plans, SoAR, BNS, SRTM, ATO etc.)
2. 3 + years experience with ITSG-33 and conducting assessments in PBMM environments
Description
Health Canada (HC) is in need a security specialist to support and implement the Security Assessment and Authorization (SA&A) process at HC and the Public Health Agency of Canada (PHAC) within individual IT applications that may relate to projects and initiatives. The SA&A process is based on the Canadian Center for Cyber Security (CCCS) IT security risk management: A lifecycle approach (ITSG-33) framework and guidance.
The outcome of the process is a series of activities and deliverables culminating in the establishment of a residual risk statement and recommendations for the operationalization of IT solutions and services at HC and PHAC.
The role of this specific resource is for a security lead representing HC Cyber Security Compliance and Risk Management (CRM) organization and working with the client project manager to plan and execute the SA&A IT security activities identified below throughout the applications (project/development) life-cycles. The security lead will be supported as and when needed by junior security lead and vulnerability assessor (under different TA requests); the security lead will be responsible for coordinating and delegating tasks to vendor provided resources in the context of this TA.
Tasks includes and are not limited to:
On a monthly basis provide a timesheet clearly identifying amounts of effort with which client-led project was supported. (this is critical based on the cost recovery model in this group)
Participate to client-led project meetings as-and-when required.
Produce and seek approval of the Security Assessment & Authorization (SA&A) plan.
Report to Cyber Security CRM and client project manager on a weekly basis or otherwise as required and provide status updates.
Review SA&A activities and effort estimates on a monthly basis and report to client project manager and CRM.
Revise the Statement of Sensitivity and other document required for Business Needs for Security (BNS).
Propose the Statement of Acceptable Risks (SoAR).
Provide SA&A process advice and guidance to client project.
Provide Canada and Department Standard and Guidance which applies to the project scope.
As Required: Revise Project's Procurement Statement of Work and Add Cyber Security Clauses.
As Required: Revise Project's Data Sharing Agreements and Add Cyber Security Clauses.
As Required: Revise Project's Business and IT Continuity Plan and Provide Cyber Security Recommendations.
Revise the Architecture and document the Cyber Security Architecture Layer to align the key security standards, best-practices and security controls to the project's architecture.
Organize and present at the Cyber Security Architecture Review Board.
Produce the Security Requirements Traceability Matrix (SRTM) and update as the project life-cycle advance.
Provide ongoing feedback to projects about security assessment of projects deliverables as they are created or tested.
Package the final SA&A Deliverables.
Produce and Validate the Security Assessment Report (SAR), Calculate Residual Risk and Provide Cyber Security Recommendations.
Organize and present at the Security Assessment Review Board.
Provide the Authority to Operate (ATO) Draft.
Skills
Third party risk, Risk management, Security, Vendor risk, Compliance, Risk assessment, Risk analysis, Cyber security, Security controls, Cloud, Audit, Information security, ITSG-33, M365, D365, Power Platform
Additional Skills & Qualifications
This is a fantastic opportunity for someone to work on a high visibility public facing application - Canadian Dental Care Plan (CDCP).
This is also a fully remote position.
Experience Level
Expert Level
If you would like more information, please apply within.
Job Type & Location
This is a Contract position based out of Ottawa, ON.
Pay and Benefits
The pay range for this position is $90.00 - $100.00/hr.
Workplace Type
This is a fully remote position.
propos de TEKsystems et TEKsystems Global Services
Nous sommes un fournisseur de services aux entreprises et de technologies. Nous acclrons la transformation de nos clients. Notre comptence en stratgie, conception, excution et oprations libre la valeur de l'entreprise par un ventail de solutions. Nous sommes une quipe de 80 000 personnes qui collaborent avec plus de 60 000 clients, notamment 80 % du Fortune 500 en Amrique du Nord, Europe et Asie, qui collaborent avec nous dans le cadre de nos capacits full-stack et notre rythme. Nous sommes des penseurs stratgiques, des collaborateurs pratiques qui aident les clients exploiter le changement et matriser le dynamisme de la technologie. Nous btissons le futur en livrant les rsultats et en crant un impact positif dans nos communauts mondiales. TEKsystems et TEKsystems Global Services sont des entreprises d'Allegis Group. Dcouvrez d'autres informations TEKsystems.com.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Client: Health Canada
Duration: 3 months w/ possibility of extension
Role: SA&A
Start date: January 2026
Top Requirements:
1. 10 + years experience as a Information Technology Security TRA & CA Analyst creating & reviewing SA&A documents (SA&A plans, SoAR, BNS, SRTM, ATO etc.)
2. 3 + years experience with ITSG-33 and conducting assessments in PBMM environments
Description
Health Canada (HC) is in need a security specialist to support and implement the Security Assessment and Authorization (SA&A) process at HC and the Public Health Agency of Canada (PHAC) within individual IT applications that may relate to projects and initiatives. The SA&A process is based on the Canadian Center for Cyber Security (CCCS) IT security risk management: A lifecycle approach (ITSG-33) framework and guidance.
The outcome of the process is a series of activities and deliverables culminating in the establishment of a residual risk statement and recommendations for the operationalization of IT solutions and services at HC and PHAC.
The role of this specific resource is for a security lead representing HC Cyber Security Compliance and Risk Management (CRM) organization and working with the client project manager to plan and execute the SA&A IT security activities identified below throughout the applications (project/development) life-cycles. The security lead will be supported as and when needed by junior security lead and vulnerability assessor (under different TA requests); the security lead will be responsible for coordinating and delegating tasks to vendor provided resources in the context of this TA.
Tasks includes and are not limited to:
On a monthly basis provide a timesheet clearly identifying amounts of effort with which client-led project was supported. (this is critical based on the cost recovery model in this group)
Participate to client-led project meetings as-and-when required.
Produce and seek approval of the Security Assessment & Authorization (SA&A) plan.
Report to Cyber Security CRM and client project manager on a weekly basis or otherwise as required and provide status updates.
Review SA&A activities and effort estimates on a monthly basis and report to client project manager and CRM.
Revise the Statement of Sensitivity and other document required for Business Needs for Security (BNS).
Propose the Statement of Acceptable Risks (SoAR).
Provide SA&A process advice and guidance to client project.
Provide Canada and Department Standard and Guidance which applies to the project scope.
As Required: Revise Project's Procurement Statement of Work and Add Cyber Security Clauses.
As Required: Revise Project's Data Sharing Agreements and Add Cyber Security Clauses.
As Required: Revise Project's Business and IT Continuity Plan and Provide Cyber Security Recommendations.
Revise the Architecture and document the Cyber Security Architecture Layer to align the key security standards, best-practices and security controls to the project's architecture.
Organize and present at the Cyber Security Architecture Review Board.
Produce the Security Requirements Traceability Matrix (SRTM) and update as the project life-cycle advance.
Provide ongoing feedback to projects about security assessment of projects deliverables as they are created or tested.
Package the final SA&A Deliverables.
Produce and Validate the Security Assessment Report (SAR), Calculate Residual Risk and Provide Cyber Security Recommendations.
Organize and present at the Security Assessment Review Board.
Provide the Authority to Operate (ATO) Draft.
Skills
Third party risk, Risk management, Security, Vendor risk, Compliance, Risk assessment, Risk analysis, Cyber security, Security controls, Cloud, Audit, Information security, ITSG-33, M365, D365, Power Platform
Additional Skills & Qualifications
This is a fantastic opportunity for someone to work on a high visibility public facing application - Canadian Dental Care Plan (CDCP).
This is also a fully remote position.
Experience Level
Expert Level
If you would like more information, please apply within.
Job Type & Location
This is a Contract position based out of Ottawa, ON.
Pay and Benefits
The pay range for this position is $90.00 - $100.00/hr.
Workplace Type
This is a fully remote position.
propos de TEKsystems et TEKsystems Global Services
Nous sommes un fournisseur de services aux entreprises et de technologies. Nous acclrons la transformation de nos clients. Notre comptence en stratgie, conception, excution et oprations libre la valeur de l'entreprise par un ventail de solutions. Nous sommes une quipe de 80 000 personnes qui collaborent avec plus de 60 000 clients, notamment 80 % du Fortune 500 en Amrique du Nord, Europe et Asie, qui collaborent avec nous dans le cadre de nos capacits full-stack et notre rythme. Nous sommes des penseurs stratgiques, des collaborateurs pratiques qui aident les clients exploiter le changement et matriser le dynamisme de la technologie. Nous btissons le futur en livrant les rsultats et en crant un impact positif dans nos communauts mondiales. TEKsystems et TEKsystems Global Services sont des entreprises d'Allegis Group. Dcouvrez d'autres informations TEKsystems.com.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.