Security Analyst

Join to apply for the Security Analyst role at CGI.

This is a rare opportunity to join a fast-growing team of information security experts as we transform, enhance, and expand the security program for one of the largest information technology providers in the world. You will join the United States Global Technology Operations (US GTO) Security Strategy and Solutions team supporting governance, risk, and compliance consulting services as well as security service delivery across one or more US-based industries. The successful candidate will have a broad knowledge of current security practices as well as the ability to identify and apply legal, regulatory, and industry-specific security requirements. You will help our clients define and deploy effective security solutions and strategies while addressing ever-changing regulatory and industry compliance challenges. You must be able to collaborate with a variety of technical and management disciplines including infrastructure and security architecture, security operations, application development, project managers, product owners, and others.

This role can be located remotely anywhere in the U.S; with travel between 25-50% of the time.

1. Serve as a security subject matter expert for one or two US-based CGI industry sectors, such as finance, insurance, healthcare, energy, or state and local government.
2. Understand how to apply legal, regulatory, and industry-specific security requirements and practices, such as those described under Required Qualifications.
3. Analyze and design controls to secure on and off premise private, public, community, and hybrid cloud environments.
4. Participate in ongoing security-related activities supporting client contracts, including assessing application or infrastructure changes for security impacts, developing disaster recovery plans, and producing security status reports.
5. Coordinate and prepare documentation for regulatory submissions, audits, and inspections, serving as a point of contact with regulatory agencies as needed.
6. Perform security maturity assessments and assist clients in developing security roadmaps and programs.
7. Assess third-party cloud service providers for compliance with industry standards.
8. Analyze business activities for risk, identify potential losses, and implement risk-reduction policies.
9. Assist in responding to public sector bid solicitations.

• Five years of experience in information security, IT infrastructure, architecture, or applications.
• At least one recognized industry certification in information security (e.g., CISSP, CISA, CISM, SANS/GIAC).
• Three years of experience with legal, regulatory, and industry-specific security requirements, such as NIST standards, PCI-DSS, HIPAA, ISO 2700x, FedRAMP, NERC CIP, SOX, or GLBA.
• Experience delivering consulting services including interaction with senior management.
• Experience in risk assessments, controls monitoring, audits, and policy development.
• Experience managing multiple vendors simultaneously.