Business Consultant IT Security

Role:

Business Consultant IT Security

Location:

Ottawa, ON - Canada [Hybrid - 2-3 days/week to onsite is must]

Job Description:

The Business Consultant IT Security will act as a trusted security consultant, providing expert advisory and hands-on support across Security Assessment & Authorization (SA&A) initiatives. The role focuses on guiding project teams through complex security compliance requirements, shaping security architecture decisions, and ensuring successful attainment of Authority to Operate (ATO). This position requires strong stakeholder engagement, risk-based decision-making, and the ability to translate security frameworks into practical implementation within enterprise and COTS-based environments. Day to

Day Job Duties:

Conduct technical research and provide expert guidance on Security Assessment & Authorization (SA&A) requirements. Collaborate with project teams and Life Cycle Application Manager (LCAM) through weekly meetings to track SA&A progress. Support security evidence collection and develop formal risk and compliance documentation. Develop and refine SA&A artefacts including CONOPS, SCAR, PoAM, data dictionaries, and security control questionnaires. Advise project teams on implementation and prioritization of tailored security controls. Define and validate security processes across SDLC, including: Vulnerability Management Identity and Access Management (IAM) Audit and Logging Incident Response Data Loss Prevention (DLP) Review system architecture for compliance with Enterprise Architecture (EA) and CIA (Confidentiality, Integrity, Availability) requirements. Assess documentation, questionnaires, and evidence ahead of IATO and ATO approvals. Identify gaps or deficiencies in implemented security controls and recommend remediation actions. Prepare and package documentation for

IATO/ATO

submissions. Participate in SA&A governance meetings, sprint ceremonies, and cross-functional discussions.

Basic Qualifications:

6+ years of experience in Security Assessment & Authorization (SA&A) within government, para-government, or regulated environments. 6+ years of hands-on experience developing: Security Categorization Reports (SCAR) Security Requirements Traceability Matrices (SRTM) Security Concept of Operations (CONOPS) Security Assessment Reports (SAR) Threat and Risk Assessments (TRA) Strong knowledge of security frameworks, compliance standards, and risk management methodologies. Experience reviewing enterprise and COTS-based system architectures for security compliance. Proven ability to support

ATO/IATO

processes and security audits. Strong stakeholder management and consulting skills. Bilingual in English and French.