The role is an IT Risk and Compliance Management Specialist with one of our public sector clients, located at 215 Garry Street, Winnipeg, Manitoba.
If you have the required experience and are available for new opportunities, please send the following documents to [email protected] by February 07, 2025 at 12:00 PM EST.
Without mandatory documents, we cannot submit.
- Please ensure that your resume is updated and provided in Word format.
- To facilitate our evaluation process, please fill out the attached Skills Matrix and provide your references accordingly.
- We kindly request that you specify your expected hourly rate.
- Kindly provide your work authorization.
- Kindly share with us your LinkedIn profile ID.
OR
APPLY ONLINE
https://thethinkbeyond.com/Job-Details/RFRDTS021-IT-Risk-and-Compliance-Management-Specialist
For daily updates, you can also join our WhatsApp group using the link below:
https://chat.whatsapp.com/DwVITx9uaiELQflTDdCv33
Job Title: 29954 - RFR-DTS-021 - IT Risk and Compliance Management Specialist
Office Location: Onsite & Remote
# Business Days: Up to 24 Months
Duration: The engagement may last for up to a two-year term. The term is anticipated to start with a 6-month initial term followed by one or several change requests up to 24-month renewal(s). There is no commitment for extension(s).
Description
SERVICES AND DELIVERABLES
- All Services will be performed on-site with the primary location at 215 Garry Street, Winnipeg, in the province of Manitoba, regardless of the location of residence of the Proponent’s resource. The service location of the resource may change as a part of the STATEMENT OF WORK between the Proponent and Manitoba. Manitoba at its sole discretion may provide an option to work remotely. The remote working rate is the rate at which the Proponent’s resource will work primarily remotely and be called onsite if needed at Manitoba’s sole discretion. The onsite rate is the rate at which the Proponent’s resource will work primarily onsite as per the location defined in the STATEMENT OF WORK and may work remotely if needed with prior written permission from Manitoba at its sole discretion. The Proponent shall provide a discounted remote working rate along with the onsite rate for their resources in the submission.
- Standard working hours for the resource will be in accordance with Manitoba’s usual working hours of 8:30 am to 4:30 pm CST (7.25 hours per day), Monday to Friday. Manitoba offices are closed on all Manitoba statutory holidays, and these days will be unpaid. Manitoba at its sole discretion may decide that at certain times extended working hours are needed to meet project deadlines. However, extended working hours are to cover exceptional circumstances and may not be available during the entire duration of the engagement with the Proponent’s resource. Overtime work cannot be used and billed unless approved by Manitoba with advance written approval.
Role Description
- The IT Risk and Compliance Management Specialist will support the delivery of IT Security and Risk Management activities for a government IT project involving the deployment of solutions in a new Microsoft Azure cloud environment.
- The resource will collaborate with IT teams, business stakeholders, and subject matter experts to ensure compliance with applicable security standards, policies, and risk management requirements.
Responsibilities:
- Review, analyze, and apply the Government of Canada's Medium Profile for Cloud (PBMM) and Cloud Guardrails to IT systems during Security Assessment and Authorization (SA&A) activities.
- Review, analyze, and apply applicable government security policies and standards to IT systems as they relate to SA&A.
- Identify personnel, technical, physical, and procedural threats and vulnerabilities within IT networks and security architecture.
- Develop, review, and analyze security-related documentation, including:
  - Data security analysis;
  - Contractual security schedules;
  - Statements of Sensitivity (SoS);
  - Threat and Risk Assessments (TRA);
  - Vulnerability assessments;
  - Risk briefings.
- Conduct SA&A activities, including:
  - Developing SA&A plans;
  - Verifying that security safeguards meet applicable control frameworks, policies, and standards;
  - Validating security requirements across project lifecycle stages;
  - Confirming proper configuration of systems and implementation of safeguards;
  - Conducting security testing and evaluation (ST&E) to verify functionality of technical safeguards;
  - Assessing residual risks to determine if they meet acceptable levels;
  - Reviewing security documents to ensure compliance with control frameworks, policies, and standards, and identifying conditions for approval.
- Develop and document approval processes for key business stakeholders, including interim and final go-live approvals.
- Collaborate with subject matter experts to configure and manage Microsoft Azure cloud infrastructure to meet security and compliance requirements.
- Provide training to IT executives, IT leaders, and business stakeholders on IT Risk and Compliance frameworks, processes, and responsibilities.
- Establish and maintain IT Risk and Compliance reporting mechanisms, including periodic reporting to executives and business stakeholders.
SKILL REQUIREMENTS/QUALIFICATIONS
A clean criminal record check status will be required at the Proponent’s expense prior to the successful Service Provider Resource(s) arriving onsite or working remotely. Maintaining a clean status is required throughout the Proponent’s contract. An enhanced background check, completed by Manitoba, may be required on certain projects due to the confidentiality of the materials shared with the Proponent. If the Proponent fails, they must rectify this at their own cost and time.
The following are minimum qualifications and/or experience for the delivery of the Services.
The Resource must have the following minimum qualifications or experience:
Mandatory Skills and Qualifications
- Education: Bachelor’s degree in Computer Engineering, Computer Science, Commerce, or an equivalent field.
- Experience:
  - Minimum of 10 years of experience as an IT Risk and Compliance Management Specialist.
  - Minimum of 5 years of experience leading an IT Risk and Compliance Management function.
- Technical Knowledge:
  - Familiarity with security, IT process, and control frameworks such as COBIT, ISO 27002, ITIL, and TOGAF.
  - Hands-on experience with Microsoft Azure cloud infrastructure configuration and management.
  - Experience implementing the Government of Canada’s Medium Profile for Cloud (PBMM) and Cloud Guardrails.
  - Experience with the Government of Canada’s Security Assessment and Authorization (SA&A) process.
- Skills:
  - Strong analytical and investigative skills to address complex security and risk issues.
  - Excellent organizational, interpersonal, and written communication skills.
  - Demonstrated ability to manage multiple priorities under strict deadlines.
  - Ability to handle highly confidential matters with discretion.
  - Ability to develop and deliver training programs to technical and non-technical stakeholders.
Preferred Skills and Qualifications
- Experience applying the Government of Canada’s PBMM and Cloud Guardrails to secure cloud deployments.
- Hands-on experience implementing safeguards and risk mitigation strategies for sensitive IT systems.
- Experience with business impact analysis and risk evaluation in regulated environments.
- Knowledge of industry standards and best practices for cloud security, particularly in Microsoft Azure.
- Familiarity with contractual security schedules, data security analysis, and technical security documentation development.
- Experience conducting security testing and evaluation (ST&E) and documenting residual risk assessments.
- Proven experience presenting IT risk reports to executives and delivering actionable recommendations.
What We Do
SMSS Inc. is the best solution company specializing in Information Technology and Management Consulting. We provide value for money to our clients by delivering the best quality technical services and solutions at reasonable rates. We also provide the best working environment for our staff and consultants. It is a growing IT services provider with a wide array of solutions, from business strategy analysis to the implementation and execution of information technology as well as the management aspects of a business entity.








