Click here to login or register
Reference # : 18-00007 Title : Systems Risk Management Specialist (Level 3)
Location : Gatineau, QC
Position Type : Full Time/Contract
Experience Level : 10 Years Start Date : 01/02/2018  
Location Ottawa
Language English
Security Clearance Secret Security Clearance Required
Role and Responsibilities

Our Federal Government client requires a Level 3 Systems Risk Management Specialist for a 2 year contract with option of 4 additional years.

  1. Provide advice, recommendations and support to the implementation and adoption of the new e- Procurement Solution, focusing on mitigating and managing risks associated with system functionality and the security operations of the e-Procurement Solution;
  2. Research and analyze Treasury Board (TB) policy and directives to identify potential risk areas and level of impact regarding policy compliance of the new e-Procurement Solution; develop mitigation measures and action plan to ensure that the services fully meet TB policy requirements;
  3. Develop an implementation plan and control process for the new e-Procurement Solution to manage any risks or issues in meeting the GC security requirements and procedures;
  4. Review vendor’s document, identify and provide advice on the resolution to current and emerging issues in complying with the GC approved certifications and accreditations of the operation of the e-Procurement Solution;
  5. Provide assistance in the development of long-term strategies in risk management of GC e- Procurement focusing on policy compliance and security/privacy insurance;
  6. Conduct risk assessment on vendor’s IT network, IM tool, service delivery and operation model for
  7. the new e-Procurement Solution and develop risk management plan where appropriate;
  8. Conduct a risk assessment and develop a strategic contingency plan to ensure the continuity of the e-Procurement Solution in the event of extended hardware outages, major software bugs, or critical operational issues;
  9. Review and analyze the government security policy and its application to the functional requirements of the new e-Procurement Solution from a national and international perspective and identify any potential compliancy issues the vendor may encounter;
  10. Conduct a risk assessment, identify specific risks associated with functional modules (e.g. e- bidding, supplier relationship management) of the solution and the overall program objectives, and formulate proper solutions, methodologies, risk mitigation measures and action plan to ensure that the services fully meet GC security and privacy requirements;
  11. Review  vendor’s  threat  analysis  and threat risk  assessments and provide recommendations on
  12. how to resolve potential issues found through the review; and
  13. Communicate with clients and internal and external stakeholders to respond to comments and questions on the e-Procurement Solution, especially in the area of security and privacy.
Qualifications and Experience
  • 10 years of experience within the past 15 years providing advice and making recommendations with regards to the ongoing and emerging system functionality of enterprise wide application(s) or solution(s) as it relates to risk management to ensure a secured operation of the system.
  • Ideally, certified in Risk and Information System Control.
  • 2 years of experience within the past 10 years, in conducting risk assessment and developing risk mitigation plans, methodologies and strategies for risk management.
  • 2 years of experience within the past 10 years, in performing threat analysis and risk assessments for the Federal Government projects/programs.
  • 2 years of experience within the past 10 years, in analyzing a government or private sector security policy and providing advice on how to mitigate risks associated with the application of the policy to functional and operational requirements as it relates to the implementation of vendor’s services
  • 2 years of experience, within the past 10 years,  in applying the Government of Canada security policy and procedures to a government wide solution.
  • 2 years of experience within the past 10 years, in identifying security, privacy and or operating system risks associated with the functional module of an enterprise solution or the overall implementation objectives of the project
  • 2 years of experience, within the past 10 years,  in conducing risk assessments associated with Privacy Impact Assessments within the Government of Canada.
  • 1 year of experience working on enterprise electronic procurement systems or a Government of Canada Financial Management Systems in the past 10 years, as a Systems Risk Management Specialist.
  • Ideally, holds a valid certification in one of the following:
    • Certified Protection Professional (CPP)
    • Certified Information Systems Secure Professional (CISSP)
    • Certified Information Systems Auditor (CISA)
    • Certified Information Systems Manager (CISM)
    • Certified ISO 27001 Lead Auditor
    • Global Information Assurance Certification (GIAC). 

If you are interested in and available for this full-time opportunity, then please submit your deatiled resume for consideration and one of our consultants will be in touch soon to discuss further. 

Thank you.