Information Security Risk Analyst

Priority may be given to the following designated employment equity groups: women, Indigenous peoples* (First Nations, Inuit and Métis), persons with disabilities and racialized persons*.

• The Employment Equity Act , which is under review, uses the terminology Aboriginal peoples and visible minorities.

Candidates are asked to self-declare when applying to this hiring process.City: Within a National Research Council Office across CanadaOrganizational Unit: Security BranchClassification: CS-3Tenure: ContinuingLanguage Requirements: Bilingual Imperative BBB/ BBB

• Assignments and secondments may be considered according to NRC's policies
• This position may be underfilled
• Pool will be created

Work Arrangements:Due to the nature of the work and operational requirements, this position will require some physical presence at the NRC work location identified in the form of a hybrid work arrangement (a combination of working onsite and offsite).Your ChallengeGreat Minds. One Goal. Canada's Success.Help bring research to life and drive your career forward with the National Research Council of Canada (NRC), Canada's largest research and technology organization.We are looking for a vibrant and dynamic Information Security Risk Management Analyst to support our Security Branch. The selected individual would be someone who shares our core values of Integrity, Excellence, Respect and Creativity.As an Information Security Risk Management Analyst, you will be responsible for managing information security risk related to IT services in support of NRC’s strategic objectives. As a member of the NRC Security Branch, you will be actively involved in providing IT security risk management to a variety of advisory committees and CBI’s. You will also perform Security Assessment and Authorization activities for NRC services and applications in support of key applications and programs in the organisation.You will provide IT security advice and guidance, and make recommendations to internal clients to ensure compliance with federal standards, directives and NRC’s policies.Screening CriteriaApplicants must demonstrate within the content of their application that they meet the following screening criteria in order to be given further consideration as candidates:EducationSuccessful completion of two years of post-secondary education in Computer Science, Information Technology, Information Management or another specialty relevant to the position.An acceptable combination of education, training and experience may also be considered.Degree from a recognized university would be considered as an asset.ASSETS:

• Certifications: CISSP, GIAC, ISACA, or PMP
• Completion of government provided training such as HTRA.

For information on certificates and diplomas issued abroad, please see Degree equivalencyExperience

• Basic* experience using the fundamentals of project management such as developing and managing project plans, and other project documents, resource planning, scope management and working with Gantt charts, resource planning…etc.
• Experience applying IT Risk Management principles.
• Significant* experience in system and/or network administration or general IT security principles.
• Significant* experience applying relevant security federal legislation, policies, standards, directives and guidance in an operational environment.
• Significant* experience working with information categorisation, Security Assessment and Authorization methodology based on ITSG-33 and GC Cloud Adoption Strategy.
• Basic – a few months and up to 2 years
• Significant – 2 to 6 years

ASSETS:

• Experience in IT process development (e.g. ITIL, Lean).
• Experience in development of process and standard operating procedures.
• Experience with IT requirements for Controlled Goods.

Condition of EmploymentSecret (II)A Secret clearance must be obtained within 12 months of employment.Language RequirementsBilingual Imperative BBB/BBBInformation on language requirements and self-assessment testsAssessment CriteriaCandidates will be assessed on the basis of the following criteria:Technical Competencies

• Basic* knowledge of risk management principles.
• Basic* knowledge of relevant federal legislations, policies, standards and guidance including the Policy on Government Security (PGS), the Directive on Security Management, the Policy on Service and Digital and ITSG-33, TBS Cloud Adoption Strategy, GC Cloud Guardrails, cybersecurity guidance and best practices.
• Basic* knowledge of different types of cloud offerings and cloud architecture.
• Basic* knowledge of IM/IT systems hardware, software and operating systems.
• Solid ability to develop documentation for a range of audiences including briefing notes, meeting minutes, presentations.
• Solid ability providing information, feedback and recommendations to individuals at many levels of technical knowledge and administrative responsibility.
• Basic – a few months and up to 2 years

Behavioural Competencies

• Management services - Client focus (Level 2)
• Management services - Communication (Level 2)
• Management services - Conceptual and analytical ability (Level 2)
• Management services - Results orientation (Level 3)
• Management services - Teamwork (Level 2)

Competency Profile(s)For this position, the NRC will evaluate candidates using the following competency profile: Management ServicesView all competency profilesCompensationFrom $89,548 to $112,660 per annum.In addition, the incumbent will receive the Bilingualism Bonus of $800 per year.An incumbent occupying a position within the CS Group is currently entitled to receive a terminable allowance of $212 per month.NRC employees enjoy a wide-range of competitive benefits including comprehensive health and dental plans, vacation, sick, and other leave entitlements, disability insurance and pension plans.The NRC AdvantageThe National Research Council of Canada (NRC) is the Government of Canada's largest research organization supporting industrial innovation, the advancement of knowledge and technology development. We collaborate with over 70 colleges, universities and hospitals annually, work with 800 companies on their projects, and provide advice or funding to over 8000 Small and Medium-sized Enterprises (SMEs) each year.We bring together the brightest minds to deliver tangible impacts on the lives of Canadians and people around the world. And now, we want to partner with you. Let your expertise and inspirations make an impact by joining the NRC.At the NRC Employee wellness matters. We offer flexible work schedules as well as part-time work to help employees maintain work-life balance. We are one of the few federal organizations that close our offices during the December holiday season. We offer professional learning and development opportunities such as conferences, workshops, and a suite of mentorship, award and recognition programs. Diversity enables creativity and innovation. Fostering a diverse, inclusive, welcoming and supportive workplace is important to us, and contributes to a more inclusive Canadian innovation system. We welcome all qualified applicants and encourage you to complete the employment equity self-declaration questions during the job application process. Please let us know of any accommodation measures required to help you to be assessed in a fair and equitable manner. Please note that the information you provide will be treated confidentially.Help us solve problems for Canada. Grow your career with us today!Notes

• Relocation assistance will be determined in accordance with the NRC's directives.
• A pre-qualified list may be established for similar positions for a one year period.
• To ensure a prompt and efficient processing of applications, candidates must provide, along with their résumé, a detailed covering letter explaining how they meet each of the requirements of this position (education, experience, language requirements) by providing concrete examples. In addition, the candidate is encouraged to describe in detail when, where and how he/she gained the experience
• Preference will be given to Canadian Citizens and Permanent Residents of Canada. Please include citizenship information in your application.
• The incumbent must adhere to safe workplace practices at all times.
• We thank all those who apply, however only those selected for further consideration will be contacted.

Please direct your questions, with the requisition number ( 21893 ) to:E-mail: Telephone: Closing Date: 13 May 2024 - 23:59 Eastern TimeFor more information on career tools and other resources, check out Career tools and resources

• If you are currently a term or continuing employee at NRC, please apply through the SuccessFactors Careersmodule from your NRC computer.