Security Analyst

Position Description:

This is a rare opportunity to join a fast-growing team of information security experts as we transform, enhance, and expand the security program for one of the largest information technology providers in the world. You will join the United States Global Technology Operations (US GTO) Security Strategy and Solutions team supporting governance, risk, and compliance consulting services as well as security service delivery across one or more US-based industries. The successful candidate will have a broad knowledge of current security practices as well as the ability to identify and apply legal, regulatory, and industry-specific security requirements. You will help our clients define and deploy effective security solutions and strategies while addressing ever-changing regulatory and industry compliance challenges. You must be able to collaborate with a variety of technical and management disciplines including infrastructure and security architecture, security operations, application development, project managers, product owners, and others.

This role can be located remotely anywhere in the U.S; with travel between 25-50% of the time.

1. Serve as a security subject matter expert for one or two US-based CGI industry sectors, such as finance, insurance, healthcare, energy, or state and local government.
2. Understand how to apply legal, regulatory, and industry-specific security requirements and practices, such as those described under Required Qualifications.
3. Analyze and design controls to secure on and off-premise private, public, community, and hybrid cloud environments.
4. Participate in ongoing security activities supporting client contracts, including assessing application or infrastructure changes for security impacts, developing disaster recovery plans, and producing security reports.
5. Prepare documentation for regulatory submissions and audits, and serve as a point of contact for regulatory interactions.
6. Perform security maturity assessments and assist clients in developing security roadmaps and programs.
7. Assess third-party cloud service providers for compliance with industry standards.
8. Analyze business activities for risk, identify potential losses, and implement risk-reduction policies.
9. Assist in responding to public sector bid solicitations.

• Five years of experience in information security, IT infrastructure, architecture, or applications.
• At least one recognized security certification (e.g., CISSP, CISA, CISM, SANS/GIAC).
• Three years of experience with legal, regulatory, and industry-specific security requirements (e.g., NIST, PCI-DSS, HIPAA, ISO 2700x, FedRAMP, NERC, CIP, SOX, GLBA).
• Experience delivering consulting services and interacting with senior management.
• Experience with risk assessments, controls monitoring, audits, policies, and project management.
• Experience managing multiple vendors.

• Bachelor’s degree from an accredited institution.
• Experience in financial services and/or insurance industries.
• Additional security certifications.
• Security testing experience.
• Experience with Secure SDLC, Agile, DevOps, IAM, virtualization, Linux, Windows, and application development.
• Leadership, problem-solving, and excellent communication skills.

Benefits include competitive compensation, comprehensive health benefits, 401(k), paid leave, and more. CGI is committed to diversity and provides accommodations for applicants with disabilities. For inquiries, email US_Employment_Compliance@cgi.com.