IT Security Learning Pathways


Pathway Name

Job titles that may consider this learning pathway

At either the department or enterprise level, individuals in this area are responsible for:

Security Program Management

  • IT Security Coordinator
  • Security Manager
  • Security Program Manager
  • Security Policy Analyst

Developing, implementing, monitoring and reporting on the security program as per the organizational security objectives.

Security Sourcing & Vendor Management

  • Contract security officer
  • Vendor Manager
  • Security Analyst
  • Security Specialist – contracting
  • Project Security Officer

Identifying, documenting, implementing and monitoring of security requirements in all phases of the procurement process and throughout the life cycle of the contract.  As well, ensuring that information, assets, systems and facilities entrusted to industry meet the security requirements and are afforded an appropriate level of protection throughout their life cycle.

Security Requirements Analysis & Management

  • Security Requirements Analyst
  • Security Analyst
  • Security Program Manager
  • Security Manager

Gathering, analyzing, evaluating, reporting and advising on the security requirements to meet organizational requirements.  

Security Strategic Planning

  • Strategic Planner
  • Strategy Development
  • IT Security Coordinator
  • Senior Security Analyst
  • Senior Security Manager

Developing and, in conjunction with other organizational authorities, implementing security strategy and security plan that are integrated with other organizational supports and security objectives.

Security Policy Development & Instruments

  • Security Policy Analyst
  • Security Policy Developer
  • Security Program Manager
  • Security Advisor
  • Security Manager

Developing effective policies and policy instruments that establish security accountabilities, responsibilities, governance mechanisms, management, monitoring and reporting requirements.  As well, ensuring that these are not only aligned with GC legislation and policies, but coordinated and integrated across other organizational activities and functions as required. 

Security Learning and Development

  • Security Awareness Coordinator
  • Security Training Coordinator
  • Security Learning and Development Coordinator
  • Security Analyst

Establishing and delivering security learning and development activities for employees and managers at all levels. This includes planning, designing and implementing security awareness activities and identifying and coordinating the learning and professional development of security practitioners.

Security Assessment & Measurement

  • Security Assessor
  • Security Assessment Analyst
  • Security Program Manager
  • Security Manager
  • Certification and Accreditation (C&A) Analyst

Assessing the implementation and effectiveness of security controls, reporting on the achievement of control objectives, and recommending corrective action to address deficiencies.

Threat and Risk Assessment (TRA)

  • Security analyst
  • Threat & Risk Assessment analyst
  • IT Risk Analyst
  • IT Risk Manager

Providing advice and guidance regarding the threat environment, the overall security risk management process, and security risk treatment options.  As well, identifying assessment tools and interpreting the results of these assessments.

Vulnerability Assessment and Vulnerability Management

  • Vulnerability Analyst
  • Vulnerability Assessor
  • Vulnerability Management Team Member
  • Blue Team Technician
  • Ethical Hacker
  • Compliance Manager
  • Penetration Tester
  • Red team Technician
  • Security Testing and Evaluation Personnel

Monitoring, identifying and managing changes in the threat and vulnerability environments to ensure that security controls are: initially effective, remain current and corrective action is taken when necessary.  This includes planning for, oversight of penetration testing.

Security Architecture, Design & Engineering

  • Security Architect
  • Security Designer
  • Security Engineer
  • Senior Security Analyst

Ensuring security requirements are adequately addressed in all aspects of system design and advising on security-related issues through all phases of the System Development Life-Cycle (SDLC) following the information system security implementation planning framework.

Network/Infrastructure Security Operations

  • Security Analyst
  • Security Engineer
  • System Security Engineer
  • Network Analyst
  • Network Administrator
  • Network Engineer
  • Network Systems Engineer

Monitoring, identifying and managing changes in the zone and perimeter defence to ensure that security controls are: initially effective, remain current and corrective action is taken when necessary.

Software, Apllication and Data Security

  • Application Developer
  • Application Manager
  • Application System Analyst
  • Programmer
  • Programmer Analyst
  • Security Analyst
  • Systems Analyst

Ensuring that security requirements are adequately addressed through all phases of the software development life-cycle including planning, defining, designing, building, testing, deploying as well as disposal.

COMSEC Operations

  • COMSEC Custodian
  • COMSEC Instructor
  • COMSEC Sub-Account Custodian
  • Enterprise Local Element Manager

Generating, receiving, distributing, disposing, destroying and accounting of accountable COMSEC material (ACM) entrusted to their COMSEC Account or Sub-Account. As well, providing cryptographic equipment troubleshooting support and guidance on the use of key.

Incident Handling

  • IT Security Analyst
  • Incident Handler
  • Incident Responder
  • Information Protection Center Team Member
  • Cyber Incident Response Team Member
  • IT Security Incident Recovery Team Member

Responding to IT Security incidents in accordance with the processes and procedures established by the organization. This includes effective handling, administration and reporting through all phases of the event management process.

Research & Development (R&D)/ Product Evaluation

  • IT Security R&D Specialist
  • IT Security Researcher
  • System Security Engineer
  • System Security Architect
  • IT Security Testing and Evaluation Staff

Researching, reviewing, analyzing, and applying GC and industry security standards to various IT security systems, products and processes in support of organizational security.

Digital Forensics

  • Computer Forensics Analyst/Investigator
  • Digital Forensics Analyst/Investigator
  • Mobile Device Forensics Analyst/Investigator
  • Security Investigator
  • Cyber Defence Analyst

Providing legal and effective identification, analysis and investigation of cyber security incidents as directed. As well, providing forensics advice and reporting on forensics activities.

Security Evaluation

  • Security Program Manager
  • Security Evaluator
  • Security Advisor
  • Security Manager
  • Internal Auditor

Evaluating the implementation and effectiveness of security controls, reporting on the achievement of control objectives, and recommending corrective action to address deficiencies identified in performance measurement and evaluations.

Disaster Recovery Planning (DRP)

  • Strategic Security Planner
  • Business Continuity Coordinator
  • Senior Security Analyst
  • Disaster Recovery Analyst
  • Disaster Recovery Planner

Developing and, in conjunction with other departmental authorities, implementing and evaluating a DRP that is integrated with other organizational plans and activities.

Identity, Credential and Access Management (ICAM)

  • Security Analyst
  • System Analyst
  • ICAM Analyst
  • ICAM Specialist

Managing and identifying ICAM requirements in a manner that mitigates risk to personal, organizational and national security, protects program integrity and enables well-managed, citizen-centred service delivery.