Position Description :
Cybersecurity Risk & Governance Consultant
Anywhere in Canada
We are reaching out to Cybersecurity Risk and Compliance candidates to become part of the CGI team. Join a Global organization offering a diversity of rewarding challenges!
Our employees work on highly dynamic, exciting and fast-paced IT projects. As a trusted partner to our clients, you will work as an integral part of a larger cybersecurity team fully invested in the mission of delivering the most appropriate and effective cybersecurity for our clients across Canada.
The Intermediate Cybersecurity Risk & Compliance Consultant is an experienced cybersecurity practitioner who will apply their expert knowledge and experience as follows :
Participate as a cybersecurity consultant as part of larger capability deployment team to define, address and validate the fulfilment of security measures intended to fulfil the clients security requirements;
Assess client enterprise environments, systems, policies, governance and procedures to identify gaps and variances from recognized cybersecurity best practices and provide sound recommendations for remediation;
Alone or as part of a team, develop security and risk related documentation to establish or improve the clients cybersecurity program;
Conduct the full span of security accreditation and authorization activities to allow clients to implement trusted operations on environments, systems and services within a balanced and managed level of acceptable risk; and
Create and deliver presentations and / or discuss technical options and solutions with clients, inspiring confidence and forming strong trusted relationships between CGI and our clients.
Your future duties and responsibilities :
Conduct security risk and compliance assessments of client enterprise systems and environments to determine cybersecurity vulnerabilities and risks;
Develop security test plans, test cases, gather and validate test results against compliance requirements;
Conduct required information gathering through interviews, workshops, questionnaires and documentary evidence;
Provide cybersecurity analysis of information gathered to identify vulnerabilities, risks and compliance gaps;
Provide recommendations to reduce residual risks to levels that are prudent and acceptable to the client;
Either alone, or as part of a team, conduct IT certification assessments to meet requirements outlined in security standards and achieve accreditation and / or Authority To Operate, including Security Assessment & Authorization (SA&A) activities under the ITSG-33 methodology;
Create reports and presentations of a high standard, demonstrating excellent communications skills in English (mandatory) and French (desirable).
Required qualifications to be successful in this role :
Minimum six years of directly relevant cybersecurity risk management experience;
Sound objective knowledge of security topologies, network security best practices and the application of suitable security safeguards;
A sound knowledge of security monitoring and response capabilities in conventional, Cloud and hybrid environments;
A strong understanding and experience with common security standards and frameworks, including but not limited to NIST SP 800-53, ISO 27001 / 2, PCI, GDPR, SCADA, SWIFT, etc;
Sound knowledge of Government of Canada security guidelines and standards, including but not limited to ITSG-33 and the technical control requirements of the Security Assessment & Authorization (SA&A) process;
Experience working with proposals and RFP submissions, including estimating effort, cost and schedules
A strong ability to collaborate and be part be part of an effective team; and
Ability to speak, write and communicate clearly and effectively in fluent English.
Desirable :
Effective written and verbal communication skill in French;
Training and certification in Cloud environments, especially those related to Cloud governance and security; and
The ability to obtain a Government of Canada Secret (Level II) security clearance.
Skills :
Cyber
NIST
Security Assessment 
