Cybersecurity Risk & Governance Consultant
Ottawa, Canada
2d ago

Position Description :

Cybersecurity Risk & Governance Consultant

Anywhere in Canada

We are reaching out to Cybersecurity Risk and Compliance candidates to become part of the CGI team. Join a Global organization offering a diversity of rewarding challenges!

Our employees work on highly dynamic, exciting and fast-paced IT projects. As a trusted partner to our clients, you will work as an integral part of a larger cybersecurity team fully invested in the mission of delivering the most appropriate and effective cybersecurity for our clients across Canada.

The Intermediate Cybersecurity Risk & Compliance Consultant is an experienced cybersecurity practitioner who will apply their expert knowledge and experience as follows :

  • Participate as a cybersecurity consultant as part of larger capability deployment team to define, address and validate the fulfilment of security measures intended to fulfil the clients security requirements;
  • Assess client enterprise environments, systems, policies, governance and procedures to identify gaps and variances from recognized cybersecurity best practices and provide sound recommendations for remediation;
  • Alone or as part of a team, develop security and risk related documentation to establish or improve the clients cybersecurity program;
  • Conduct the full span of security accreditation and authorization activities to allow clients to implement trusted operations on environments, systems and services within a balanced and managed level of acceptable risk; and

    Create and deliver presentations and / or discuss technical options and solutions with clients, inspiring confidence and forming strong trusted relationships between CGI and our clients.

    Your future duties and responsibilities :

  • Conduct security risk and compliance assessments of client enterprise systems and environments to determine cybersecurity vulnerabilities and risks;
  • Develop security test plans, test cases, gather and validate test results against compliance requirements;
  • Conduct required information gathering through interviews, workshops, questionnaires and documentary evidence;
  • Provide cybersecurity analysis of information gathered to identify vulnerabilities, risks and compliance gaps;
  • Provide recommendations to reduce residual risks to levels that are prudent and acceptable to the client;
  • Either alone, or as part of a team, conduct IT certification assessments to meet requirements outlined in security standards and achieve accreditation and / or Authority To Operate, including Security Assessment & Authorization (SA&A) activities under the ITSG-33 methodology;
  • Create reports and presentations of a high standard, demonstrating excellent communications skills in English (mandatory) and French (desirable).

    Required qualifications to be successful in this role :

  • Minimum six years of directly relevant cybersecurity risk management experience;
  • Sound objective knowledge of security topologies, network security best practices and the application of suitable security safeguards;
  • A sound knowledge of security monitoring and response capabilities in conventional, Cloud and hybrid environments;
  • A strong understanding and experience with common security standards and frameworks, including but not limited to NIST SP 800-53, ISO 27001 / 2, PCI, GDPR, SCADA, SWIFT, etc;
  • Sound knowledge of Government of Canada security guidelines and standards, including but not limited to ITSG-33 and the technical control requirements of the Security Assessment & Authorization (SA&A) process;
  • Experience working with proposals and RFP submissions, including estimating effort, cost and schedules

    A strong ability to collaborate and be part be part of an effective team; and

    Ability to speak, write and communicate clearly and effectively in fluent English.

    Desirable :

  • Effective written and verbal communication skill in French;
  • Training and certification in Cloud environments, especially those related to Cloud governance and security; and

    The ability to obtain a Government of Canada Secret (Level II) security clearance.

    Skills :
  • Cyber
  • NIST
  • Security Assessment
  • Report this job

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form