Cybersecurity Risk & Governance Consultant
Anywhere in Canada
We are reaching out to Cybersecurity Risk and Compliance candidates to become part of the CGI team. Join a global organization offering a diversity of rewarding challenges!
Our employees work on highly dynamic, exciting and fast-paced IT projects. As a trusted partner to our clients, you will work as an integral part of a larger cybersecurity team fully invested in the mission of delivering the most appropriate and effective cybersecurity for our clients across Canada.
The Cybersecurity Risk & Compliance Consultant is an experienced cybersecurity practitioner who will apply their expert knowledge and experience as follows:
•Participate as a cybersecurity consultant as part of a larger capability deployment team to define, address and validate the fulfilment of security measures intended to fulfil the client’s security requirements;
•Assess client enterprise environments, systems, policies, governance and procedures to identify gaps and variances from recognized cybersecurity best practices and provide sound recommendations for remediation;
•Alone or as part of a team, develop security and risk related documentation to establish or improve the client’s cybersecurity program;
•Conduct the full span of security accreditation and authorization activities to allow clients to implement trusted operations on environments, systems and services within a balanced and managed level of acceptable risk; and
•Create and deliver presentations and/or discuss technical options and solutions with clients, inspiring confidence and forming strong trusted relationships between CGI and our clients.
Your future duties and responsibilities
•Conduct security risk and compliance assessments of client enterprise systems and environments to determine cybersecurity vulnerabilities and risks;
•Develop security test plans and test cases, and gather and validate test results against compliance requirements;
•Conduct required information gathering through interviews, workshops, questionnaires and documentary evidence;
•Provide cybersecurity analysis of information gathered to identify vulnerabilities, risks and compliance gaps;
•Provide recommendations to reduce residual risks to levels that are prudent and acceptable to the client;
•Either alone, or as part of a team, conduct IT certification assessments to meet requirements outlined in security standards and achieve accreditation and/or Authority To Operate, including Security Assessment & Authorization (SA&A) activities under the ITSG-33 methodology;
•Create reports and presentations of a high standard, demonstrating excellent communications skills in English (mandatory) and French (desirable).
Required qualifications to be successful in this role
•Minimum six years of directly relevant cybersecurity risk management experience;
•Sound objective knowledge of security topologies, network security best practices and the application of suitable security safeguards;
•A sound knowledge of security monitoring and response capabilities in conventional, Cloud and hybrid environments;
•A strong understanding of and experience with common security standards and frameworks, including but not limited to NIST SP 800-53, ISO 27001/2, PCI, GDPR, SCADA, SWIFT, etc.;
•Sound knowledge of Government of Canada security guidelines and standards, including but not limited to ITSG-33 and the technical control requirements of the Security Assessment & Authorization (SA&A) process;
•Experience working with proposals and RFP submissions, including estimating effort, cost and schedules;
•A strong ability to collaborate and be part of an effective team; and
•Ability to speak, write and communicate clearly and effectively in fluent English.
Desirable:
•Effective written and verbal communication skills in French;
•Training and certification in Cloud environments, especially those related to Cloud governance and security; and
•The ability to obtain a Government of Canada Secret (Level II) security clearance.