IT Risk and Compliance Management Specialist - Jobs in Winnipeg (Transcona), Manitoba, Canada, R2C

Job Description

Role Description:

• The IT Risk and Compliance Management Specialist will support the delivery of IT Security and Risk Management activities for a government IT project involving the deployment of solutions in a new Microsoft Azure cloud environment.
• The resource will collaborate with IT teams, business stakeholders, and subject matter experts to ensure compliance with applicable security standards, policies, and risk management requirements.

Responsibilities:

• Review, analyze, and apply the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails to IT systems during Security Assessment and Authorization (SA amp;A) activities.
• Review, analyze, and apply applicable government security policies and standards to IT systems as they relate to SA amp;A.
• Identify personnel, technical, physical, and procedural threats and vulnerabilities within IT networks and security architecture.
• Develop, review, and analyze security-related documentation, including:

• Data security analysis;
• Contractual security schedules;
• Statements of Sensitivity (SoS);
• Threat and Risk Assessments (TRA);
• Vulnerability assessments;
• Risk briefings.

• Conduct SA amp;A activities, including:

• Developing SA amp;A plans;
• Verifying that security safeguards meet applicable control frameworks, policies, and standards;
• Validating security requirements across project lifecycle stages;
• Confirming proper configuration of systems and implementation of safeguards;
• Conducting security testing and evaluation (ST amp;E) to verify functionality of technical safeguards;
• Assessing residual risks to determine if they meet acceptable levels;
• Reviewing security documents to ensure compliance with control frameworks, policies, and standards, and identifying conditions for approval.

• Develop and document approval processes for key business stakeholders, including interim and final go-live approvals.
• Collaborate with subject matter experts to configure and manage Microsoft Azure cloud infrastructure to meet security and compliance requirements.
• Provide training to IT executives, IT leaders, and business stakeholders on IT Risk and Compliance frameworks, processes, and responsibilities.
• Establish and maintain IT Risk and Compliance reporting mechanisms, including periodic reporting to executives and business stakeholders.

RequirementsSkill Requirements/Qualifications:The Resource must have the following minimum qualifications or experience:Mandatory Skills and Qualifications:

• Education:

• Bachelor’s degree in Computer Engineering, Computer Science, Commerce, or an equivalent field.

• Experience:

• Minimum of 10 years of experience as an IT Risk and Compliance Management Specialist.
• Minimum of 5 years of experience leading an IT Risk and Compliance Management function.

• Technical Knowledge:

• Familiarity with security, IT process, and control frameworks such as COBIT, ISO 27002, ITIL, and TOGAF.
• Hands-on experience with Microsoft Azure cloud infrastructure configuration and management.
• Experience implementing the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails.
• Experience with the Government of Canada’s Security Assessment and Authorization (SA amp;A) process.

• Skills:

• Strong analytical and investigative skills to address complex security and risk issues.
• Excellent organizational, interpersonal, and written communication skills.
• Demonstrated ability to manage multiple priorities under strict deadlines.
• Ability to handle highly confidential matters with discretion.
• Ability to develop and deliver training programs to technical and non-technical stakeholders.

Preferred Skills and Qualifications:

• Experience applying the Government of Canada’s PBMM and Cloud Guardrails to secure cloud deployments.
• Hands-on experience implementing safeguards and risk mitigation strategies for sensitive IT systems.
• Experience with business impact analysis and risk evaluation in regulated environments.
• Knowledge of industry standards and best practices for cloud security, particularly in Microsoft Azure.
• Familiarity with contractual security schedules, data security analysis, and technical security documentation development.
• Experience conducting security testing and evaluation (ST amp;E) and documenting residual risk assessments.
• Proven experience presenting IT risk reports to executives and delivering actionable recommendations.