Warning - it's a bit long post, apologies for that in advance. But, can you guys provide me your opinion / advise please? As per my previous post, I'm sending my application today - so a bit in panic attack mode. I saw lot of reasons of rejection as "insufficient details for NOC experience", and hence insecure a bit.
Here's what I'm sending to CIC:
0. A cover letter describing which document refers to what information, so that they don't miss anything.
1. Current Company letterhead experience letter - with job title and employment start date
2. Manager signed letter (plain A4), with his ID card and visiting card
3. My ID card and visiting card
4. Affidavit by me stating I don't have job description on company letterhead due to policy issue and also listing the main duties
5. Joining letter, promotion letter, current annual compensation letter, salary slips
6. Time sheet / service hours summary to highlight 40 hour/week job
Question: Is this sufficient? Or shall I approach the company senior management to provide me a letter on exceptional basis??
And secondly -
could someone tell me if these main duties match to NOC 2171 "system security analyst" role (from CIC: "Systems security analysts confer with clients to identify and document requirements, assess physical and technical security risks to data, software and hardware, and develop policies, procedures and contingency plans to minimize the effects of security breaches.").
Main duties:
• Identify client requirements for conducting assessment of their IT infrastructure (software and hardware) and IT policies, procedures, methodologies, and processes
• Develop an integrated IT security assessment framework based upon various regulatory requirements, industry standards, and client requirements
• Conduct thorough assessment of client’s IT infrastructure and IT security posture in order to identify implementation gaps
• Document assessment findings and provide detailed reports to client’s management team indicating current capabilities, gaps, and suggested improvements for various IT security areas, such as access control, data encryption, physical security controls, security incident management, business continuity management, network security, etc.
• Review Information & Technology risk methodologies, frameworks, and processes implemented by clients, and identify gaps & scope of improvement
• Assist clients in prioritizing the risks based upon various parameters (threats, vulnerabilities, likelihood, impact) and develop risk mitigation strategy based upon industry standard methodologies and specific scenarios
• Design IT risk management strategy for clients based upon their unique risk scenarios and assessment results; Develop implementation roadmaps to deploy selected IT risk management strategy in client environment
• Review clients organizational structure and management environment, and design enterprise-wise or division specific IT Security Policies and Standards in order to control the IT environment and ensure high-level direction and standardization to prevent IT security incidents and breaches
• Develop specific technology standards to safeguard client’s IT environment and technologies from internal and external threats; develop operating system hardening standards for securing critical systems from known vulnerabilities
• Develop information security incident management processes and disaster recovery standards/processes to recover organization’s IT infrastructure from severe security incidents
Appreciate your inputs and this will be my last question, promise!!