The Cybersecurity Inspector performs objective, repeatable, evidence-based inspections to verify the existence, implementation, and operational status of security controls required under ITSP.10.171 โ Government of Canada Security Controls for Protecting Specified Information in non-Government of Canada systems and organizations. The role emphasizes direct observation and verification of controls with minimal interpretive judgement, supporting certification, compliance, and remediation activities. The Cybersecurity Inspector supports the Cybersecurity Assessor in the collection of evidence relevant to the incoming CPCSC certification
- Plan and prepare inspections by reviewing scope, applicable controls, and inspection procedures in compliance with ADGA and accreditation body requirements (as applicable).
- Conduct physical, procedural, and technical inspections through direct observation and repeatable testing guided by ITSP.10.171A
- Verify control presence, configuration, and operational status against ITSP.10.171 requirements and guided by ITSP.10.171A
- Collect and preserve objective evidence (e.g., screenshots, configuration outputs, logs, interview notes)
- Document findings in clear, condition-based language and maintain chain-of-evidence integrity
- Identify, classify, and report non-conformities and deficiencies
- Produce inspection reports summarizing observed conditions and compliance status
- Perform follow-up inspections to verify corrective actions
- Contribute to continuous improvement of inspection tools, checklists, and processes