SKILL: Security Architect Enterprise Security

LENGTH: September 29 – March 31, 2026 (ASAP

LOCATION: REMOTE

LOCATION OF CLIENT: Ottawa

REQUIRED SECURITY CLEARANCE: Secret

THIS IS A NEW IPLEMENTATION so candidates must have the below:

The Bidder must demonstrate the proposed resource has a minimum of ten

(10) years, within the twelve (12) years preceding the issuance date of this draft TA, working as a Information Technology Security TRA and Certification & Accreditation (C&A) Analyst, performing at least six (6) of the eight (8) tasks listed below for a minimum of six months of experience per task:

1)

Reviewing, and analyzing IT Security policies, System IT Security Certification & Accreditation processes, IT Security products, safeguards and best practices, and IT Security risk mitigation strategies;

2)

Identifying threats to, and vulnerabilities of operating systems (such as MS Windows, Unix, Linux, and Novell), and wireless architectures;

3)

Identifying personnel, technical, physical, and procedural threats to and vulnerabilities of Departmental IT systems;

4)

Developing reports such as: Data security analysis, Concepts of operation, Statements of Sensitivity (SoSs), Threat assessments, Privacy Impact Assessments (PIAs), Non- technical Vulnerability Assessments, Risk assessments, IT Security threat, vulnerability and/or risk briefings.

5)

Conducting Certification activities such as:

•

Security Certification Plans;

•

Ensuring security safeguards meet the applicable policies and standards;

•

Validate security requirements by mapping the system- specific security policy to functional security requirements, and/or mapping the security requirements through the various stages of design documents;

•

Ensuring that security safeguards have been implemented correctly and that assurance requirements have been met;

•

Security testing and evaluation (ST&E) to determine that technical safeguards are functioning appropriately; and

•

Assessing residual risk identified by the risk assessment to determine level of risk.

6)

Conducting Accreditation activities such as:

•

Reviewing certification results in the design documentation by the Accreditation Authority to ensure that the system will operate with an acceptable level of risk and that it will comply with the departmental and system security policies and standards (for approval purposes).

•

This may include, but is not limited to, the following types of approvals:

Developmental approval by both the Operational and the Accreditation Authorities; and

Operational approval for the implemented IT system to operate.

7)

Produce related documentation and gather evidence for Security Assessment and Authorization (SA&A) for solution; and

8)

Produce required documentation in order to obtain Authority to Operate (ATO).

The required experience can be demonstrated over one or more Customer Reference Projects.

The Bidder must demonstrate the proposed resource has a minimum of five (5) years of experience of working on one (1) of the following:

a) Customer Relationship Management (CRM), b) Case Management Tool (CMT),

c) Case Management System (CMS),

d) Enterprise Case Management (ECM), or

e) equivalent project