Full-Time Cyber Security Consultant

Cyber Security (Control & Risk Assessment - RCMP Clearance) Consultant - Remote / Canada

360 Hours Project

MS Team Interviews

Must have RCMP Clearance

Must have 800-30 skills

Must have 800-53R5 HIGH skills Desirable to have ITSG-33 skills

Service Scope

NIST 800-53 Rev 5 Control Assessment Scope

Policies, Standards, and Procedures

• Up to 250 pages
• Organization has central security policies and a single information security department and IT department.
• Client will review the 800-53 Rev 5 High Controls (including information security and privacy controls) across the client environment as per the requirements of the defined framework.
• For specific applications, Client will focus on the 'ComTech Flexible PSAP Call Management system for 9-1-1 Voice' application with respect to the specific applications in scope for those related (application type) controls.
• Risk assessment on controls
• One environment

NIST 800-30 Risk Assessment Scope

Policies, Standards, and Procedures

• Up to 250 pages
• Organization has central security policies and a single information security department and IT department.
• Client will review the 800-30 (Tier 1)

Control and Risk Assessment

NIST 800-53 Rev 5 Control Assessment

Weekly Status Reports

• Weekly summaries of activities performed, outstanding issues, and requests from both Client 1 and Client 2
• Note: Status Reports are not subject to Deliverable Acceptance

Project Report

• Executive Summary:
  • Overview of project and methodology
  • Abstract of findings - including positive and constructive feedback about current practices
  • Prioritized recommendations (Top 10 list)
• Security Controls Roadmap:
  • Projects and activities
  • Sequence and order
• Excel workbook with NIST 800-53 Rev 5 controls High
• Appendices will include Controls used in baseline, Interviewee list, and a documentation collection list

Formal Presentation

• Presentation (in the standard format) onsite/via web conference to an audience chosen by Client
• Focused on an executive level out-brief, describes the effort executed, provides an overview of the results, and describes the next steps outlined for the organization

NIST 800-30 Risk Assessment

Weekly Status Reports

• Weekly summaries of activities performed, outstanding issues, and requests from both Client 1 and Client 2
• Note: Status Reports are not subject to Deliverable Acceptance

Project Report

• Executive Summary:
  • Overview of project and methodology
  • Abstract of findings - including positive and constructive feedback about current practices
  • Prioritized recommendations (Top 10 list) following observations
• Excel workbook with NIST 800-30 Observations and Recommendations, control maturity and risk ratings
• Controls Roadmap:
  • Projects and activities
• Appendices will include Interviewee list, and a documentation collection list

Formal Presentation

• Presentation (in the standard format) onsite/via web conference to an audience chosen by Client
• Focused on an executive level out-brief, describes the effort executed, provides an overview of the results, and describes the next steps outlined for the organization