IT Risk and Compliance Management Specialist

Maarut Inc, Winnipeg (Transcona), MB, CA
6 days ago
Job type
  • Temporary
Job description

Role Description:

  • The IT Risk and Compliance Management Specialist will support the delivery of IT Security and Risk Management activities for a government IT project involving the deployment of solutions in a new Microsoft Azure cloud environment.
  • The resource will collaborate with IT teams, business stakeholders, and subject matter experts to ensure compliance with applicable security standards, policies, and risk management requirements.

Responsibilities:

  • Review, analyze, and apply the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails to IT systems during Security Assessment and Authorization (SA&A) activities.
  • Review, analyze, and apply applicable government security policies and standards to IT systems as they relate to SA&A.
  • Identify personnel, technical, physical, and procedural threats and vulnerabilities within IT networks and security architecture.
  • Develop, review, and analyze security-related documentation, including:
      • Data security analysis;
      • Contractual security schedules;
      • Statements of Sensitivity (SoS);
      • Threat and Risk Assessments (TRA);
      • Vulnerability assessments;
      • Risk briefings.
  • Conduct SA&A activities, including:
      • Developing SA&A plans;
      • Verifying that security safeguards meet applicable control frameworks, policies, and standards;
      • Validating security requirements across project lifecycle stages;
      • Confirming proper configuration of systems and implementation of safeguards;
      • Conducting security testing and evaluation (ST&E) to verify functionality of technical safeguards;
      • Assessing residual risks to determine if they meet acceptable levels;
      • Reviewing security documents to ensure compliance with control frameworks, policies, and standards, and identifying conditions for approval.
  • Develop and document approval processes for key business stakeholders, including interim and final go-live approvals.
  • Collaborate with subject matter experts to configure and manage Microsoft Azure cloud infrastructure to meet security and compliance requirements.
  • Provide training to IT executives, IT leaders, and business stakeholders on IT Risk and Compliance frameworks, processes, and responsibilities.
  • Establish and maintain IT Risk and Compliance reporting mechanisms, including periodic reporting to executives and business stakeholders.
Requirements

Skill Requirements / Qualifications:

The Resource must have the following minimum qualifications or experience:

Mandatory Skills and Qualifications:

  • Education:
      • Bachelor’s degree in Computer Engineering, Computer Science, Commerce, or an equivalent field.
  • Experience:
      • Minimum of 10 years of experience as an IT Risk and Compliance Management Specialist.
      • Minimum of 5 years of experience leading an IT Risk and Compliance Management function.
  • Technical Knowledge:
      • Familiarity with security, IT process, and control frameworks such as COBIT, ISO 27002, ITIL, and TOGAF.
      • Hands-on experience with Microsoft Azure cloud infrastructure configuration and management.
      • Experience implementing the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails.
      • Experience with the Government of Canada’s Security Assessment and Authorization (SA&A) process.
  • Skills:
      • Strong analytical and investigative skills to address complex security and risk issues.
      • Excellent organizational, interpersonal, and written communication skills.
      • Demonstrated ability to manage multiple priorities under strict deadlines.
      • Ability to handle highly confidential matters with discretion.
      • Ability to develop and deliver training programs to technical and non-technical stakeholders.

Preferred Skills and Qualifications:

  • Experience applying the Government of Canada’s PBMM and Cloud Guardrails to secure cloud deployments.
  • Hands-on experience implementing safeguards and risk mitigation strategies for sensitive IT systems.
  • Experience with business impact analysis and risk evaluation in regulated environments.
  • Knowledge of industry standards and best practices for cloud security, particularly in Microsoft Azure.
  • Familiarity with contractual security schedules, data security analysis, and technical security documentation development.
  • Experience conducting security testing and evaluation (ST&E) and documenting residual risk assessments.
  • Proven experience presenting IT risk reports to executives and delivering actionable recommendations.