6.3 IT Security TRA and C&A Analyst, Level 2

Our Federal Government client is on the lookout for One (1) IT Security Threat and Risk Assessment (TRA) and Certification & Accreditation (C&A) Analyst – Level 2 to support the IT Security function in conducting risk assessments, performing Security Assessment and Authorization (SA&A) activities, and supporting the issuance of Authorizations to Operate (ATOs).

The role will focus on systems and solutions leveraging Artificial Intelligence (AI) and Large Language Model (LLM) technologies and will be delivered through an established professional services supply arrangement.

Roles and Responsibilities

• Security Assessments & Authorization: Lead SA&A activities, including TRAs, security documentation, and authorization deliverables for systems across on-premises, cloud, SaaS, and complex IT environments.

• Risk & Policy Management: Identify and manage security and supply-chain risks, implement data protection measures, and support updates to risk strategies, policies, and incident response processes, including AI-related considerations.

• Stakeholder Collaboration: Coordinate with technical and non-technical stakeholders, communicate security risks and mitigation strategies, and collaborate with internal teams and external partners.

• Delivery & Knowledge Transfer: Own assigned tasks through completion, provide regular progress updates, transfer all required documentation, and conduct knowledge transfer prior to contract end.

• Work Conditions: Work full-time during standard business hours, report to the IT Security Coordinator, use organization-issued equipment only, and recognize that implementation decisions rest with the Project Authority.

Qualifications and Skills

• Mandatory SA&A Experience (Level 2): Must have a minimum of five (5) years of experience within the last seven (7) years conducting Security Assessment and Authorization (SA&A) activities, including demonstrated experience with AI, ML, and/or LLM systems supported by at least two project examples.

• Government of Canada SA&A Experience: Experience conducting SA&A activities for the Government of Canada, including creation of SA&A artifacts; application of ITSG-33, GC Cloud Guardrails, and related frameworks; and assessment of cloud infrastructure, SaaS applications, and complex or critical systems.

• AI / LLM Risk Assessment Experience: Experience performing risk assessments for AI- or LLM-based systems, including cloud and SaaS environments; evaluating data protection and supply-chain risks; and communicating risk findings and mitigation strategies to both technical and non-technical stakeholders.

• Professional Certifications: Possession of one or more AI/ML or security-related certifications from a recognized professional body (e.g., CISSP, CISM, or equivalent AI/ML security credentials).