Senior Security Assessment & Authorization (SA&A) Team to lead the security assessment, accreditation, and authorization of a high-impact, enterprise-scale

Our valued public sector client is seeking a Senior Security Assessment & Authorization (SA&A) Team to lead the security assessment, accreditation, and authorization of a high-impact, enterprise-scale analytics and AI-enabled decision platform operating in a highly regulated environment.

Background:

The organization is undertaking a major initiative to deploy advanced analytics and artificial intelligence capabilities to support enterprise decision-making across a complex operational ecosystem. The solution spans multiple technology domains, including data platforms, analytics engines, application services, and supporting infrastructure, and must meet stringent security, privacy, and governance requirements prior to operational use.

Due to the sensitivity of the data and the criticality of the platform, the system is subject to a formal Security Assessment and Authorization (SA&A) process. This requires a coordinated, multi-disciplinary security team capable of addressing strategic security planning, detailed threat and risk assessment, and hands-on security architecture and engineering.

To support this effort, the client requires a dedicated SA&A Team composed of three senior roles working together across the full system lifecycle:

• Strategic IT Security Planning & Protection Consultant - providing senior security leadership, policy alignment, and accreditation strategy
• IT Security Threat & Risk Assessment and Certification & Accreditation Analyst - leading formal risk assessments, control assessment, and accreditation evidence
• IT Security Engineer - designing and validating secure technical architectures and configurations

Tasks:

• Lead and execute the end-to-end Security Assessment and Authorization (SA&A) lifecycle for an enterprise analytics and AI-enabled platform.
• Review solution, architecture, and program documentation to ensure alignment with applicable government security policies, standards, and risk management frameworks.
• Conduct Threat Assessments (TA), Vulnerability Assessments (VA), and Harmonized Threat and Risk Assessments (HTRA), including assessment of residual risk.
• Design, assess, and validate security architectures incorporating defence-in-depth, zoning, segmentation, and access control principles across on-prem and cloud-enabled components.
• Analyze technical threat vectors affecting networks, cloud services, applications, data platforms, and emerging technologies, and recommend effective safeguards.
• Tailor and assess security control baselines using recognized frameworks (e.g., ITSG-33, NIST SP 800-53, or equivalent), and evaluate control maturity and effectiveness.
• Develop and maintain SA&A artifacts including System Security Plans (SSP), Security Assessment Plans, Statements of Sensitivity, POA&Ms, and authorization packages.
• Support authorization decision-making by preparing executive-level risk summaries, options analyses, and accreditation recommendations.
• Provide security advisory services for emerging technologies, including cloud services, advanced analytics, AI/ML workloads, and data-centric architectures.
• Engage with architects, engineers, data specialists, and stakeholders to embed Security by Design principles throughout solution design and implementation.

Must Haves:

• Cyber Security in protected environments (secret) - 10+ years
• Security certifications: CISSP, CISM, CGRC or CAP