Senior Special Advisor - Contract

LRO Staffing View all jobs

  • Ottawa, ON
  • Permanent
  • Full-time
  • 1 day ago
  • Apply easily
Our Public Sector client requires the assistance of a Senior Special Advisor to support a time-sensitive cloud migration initiative within a complex IT environment and will help ensure alignment with Government of Canada security requirements, standards, and assessment practices.The role will support security assessment, authorization, risk, compliance, and control validation activities related to the migration and ongoing operation of enterprise applications in a cloud environment.Duties include but are not limited to:
  • Lead and document Security Assessment & Authorization (SA&A) for Fortress
  • Map, assess, and implement security controls across Overarching, Protect, Detect, Respond, and Recover Functions as defined in CJCR Group Security Orders
  • Advise on strategies to support Continuous Authorization to Operate (CATO) for Fortress
  • Develop reusable processes, templates, and automated evidence-gathering methods for control validation
  • Security Control Assessment and Evidence Capture
  • Conduct SA&A, Threat Risk Assessments (TRA), Security Impact Assessments (SIA), and Privacy Impact Assessments (PIA)
  • Capture and document control evidence in line with ITSG-33, DIM Secur, and CJCR Gp Security Orders (e.g., access control, audit, configuration management, incident response)
  • Develop Plan of Action & Milestones (POAM) to address deficiencies
  • Risk and Vulnerability Management
  • Conduct risk modeling (actor profiles, scenario analysis) to inform mitigations
  • Produce comparative analysis of CJCR controls against ITSG-33, NIST, and ISO 27002 standards
  • Ensure compliance with TBS Policy on Government Security, Privacy Act, Access to Information Act, and other applicable policies
  • Develop and review Interconnection Security Agreements (ISAs)
  • Assist with evidence capture of developer security testing and secure SDLC integration (static/dynamic code analysis, CI/CD security)
  • Develop plan for Continuous Monitoring strategy, including automated evidence capture
  • Lead tabletop exercises and test contingency/incident response procedures
  • Provide training and awareness sessions on SA&A evidence capture and security controls
  • Deliver reusable templates for risk assessments, security control documentation, and ATO submissions
About YouThe successful candidate will have the following:
  • CISSP designation obtained (maintenance is not required)
  • Experience delivering Security Assessment & Authorization (SA&A) activities for Government of Canada departments and agencies within the past 8 years
  • Experience producing or supporting SA&A artefacts such as Security Control Traceability Matrix (SRTM/SCTM), Security Assessment Report (SAR), Plan of Action & Milestones (POA&M), and Authority to Operate (ATO/IATO) support documentation within the past 8 years
  • Experience performing cyber security risk management functions for Government of Canada departments and agencies at the governance, policy, and control-program level within the last 10 years
  • Experience in one or more of the following within the last 10 years: security risk management governance, security control program oversight, security policy, standard, or procedure development, and enterprise risk treatment planning
  • Hands-on experience assessing security controls and performing Threat and Risk Assessments for Government of Canada systems or services, including cloud environments, within the last 8 years
  • Experience with security control assessment using ITSG-33 or mapping controls to NIST SP 800-53 and/or ISO/IEC 27001/27002 in a manner equivalent to ITSG-33 control assessment practices
  • Experience supporting cloud security assessment work in at least one Government of Canada cloud environment
  • Ability to work in English in a professional environment
Assets may include:
  • Experience supporting Continuous Authorization to Operate (CATO) or continuous monitoring strategies
  • Experience developing reusable templates, processes, and automation for evidence gathering and control validation
  • Experience delivering training, workshops, or awareness sessions related to security controls, compliance, or SA&A activities
  • Experience working in large, complex, or multi-stakeholder public sector environments
  • Experience supporting secure software development lifecycle (SDLC), including integration of security testing (e.g., static or dynamic analysis, CI/CD security practices)
  • Must have a valid Secret security clearance
About the Job
  • Duration: Approximately 48 weeks (May 2026 to April 2027)
  • Location: Ottawa, ON (Hybrid - 3 days onsite / 2 days remote)
  • Language: English Essential
LROGOV
How to ApplyPlease apply by clicking the “Apply Now” button below and follow the instructions to submit your résumé. You can also apply by submitting your résumé directly to . If you are already registered with us, please contact your Senior Recruiter. Please quote job 19024.LRO Staffing values fairness, confidentiality, and human judgment in every stage of our hiring process. We do not use automated or AI-driven screening tools to assess applications. Each submission is reviewed by an experienced recruiter to ensure a thoughtful and equitable evaluation of every candidate.Thank you for your interest in this role. One of our Recruiters will be in touch with you if your profile meets the requirements for the role and the expectations of our clients. Please note that all candidates must be permitted to work in Canada to be considered for this opportunity.
#LI-CA1

LRO Staffing

Similar Jobs

  • Assistant Controller

    Harris Computer

    • Ottawa, ON
    • $70,000-80,000 per year
    ASSISTANT CONTROLLER: This is your chance to join a fast-paced organization with a large, stable, and continuously growing presence in the vertical market software industry! Ha…
    • 17 days ago