Senior Cyber Security Advisor
CGI has a career opportunity for an experienced Senior Security Advisor.
Duration: Full time Permanent role
Location: Ottawa, Ontario Canada
As a senior member of the Cyber Risk & Resilience practice, you will contribute to providing IT Security Governance, Risk Management and Security Analysis support and services to our clients across the country and in a wide range of industry sectors. You will also support the development and delivery of our national and global expertise in security risk management and will have the opportunity to collaborate with security and IT experts across CGI, globally.
Our clients include many of the largest and best-known organizations in Canada and span government, financial services, energy, retail, healthcare, education, software, and manufacturing sectors, among others. In this position, you will be able to grow and learn new skills though exciting interactions with clients and other CGI teams across Canada and the world.
You will be able to leverage your experience and interest in many technologies and apply your analytical skills to identify and assess risk to our clients. You will consider assessment of compliance and maturity against industry recognized security standards and, as a trusted advisor, help your clients understand cyber risk in the context of their organizational objective. You will apply your IT security knowledge to provide our clients with recommendations for effective risk mitigation strategies and support them in their efforts to achieve security accreditation/authorization. You will demonstrate your effective oral and written communication skills by conducting security assessments, writing detailed reports, and presenting findings to clients at all levels, including senior executives. You will work independently, or as a team with experienced security specialists, to develop and deliver valuable and relevant security and risk management consulting services.
Your future duties and responsibilities
• Work closely with clients, understanding their needs and objectives, and contributing to a strong CGI-client relationship based on trust and delivery excellence;
• Conduct assessments of security risk, maturity and governance and provide senior advisory support for external clients and for internal CGI business units;
• Support implementation of security risk management frameworks, such as described in ITSG-33, and conduct of Security Assessment and Authorization (SA&A) activities in support of Government of Canada clients;
• Assess client information security environments for architectural deficiencies, potential weaknesses, and the effectiveness of existing technical, operational, and management controls and safeguards;
• Participate in and facilitate highly-productive synergy sessions and workshops with clients and other team members;
• Prepare detailed written reports of a high standard and communicate your findings and recommendations effectively, both orally and verbally;
• Analyze and recommend remediation strategies that will address each vulnerability and mitigate risks, while considering client constraints and objectives;
• Conduct security maturity and posture assessments by leveraging industry recognized security best practices, standards and framework and provide recommendations to mitigate areas of unacceptable risk;
• Maintain current knowledge and expertise with relevant security, IT environment, and industry IT trends, particularly those related to threats, vulnerabilities and safeguards.
Required qualifications to be successful in this role
Education and Certifications:
• Minimum of ten (10) years of experience in the IT Security field with at least five (5) years of directly related practical threat and risk assessment experience;
• CISSP, CCSP, CCSK, CISA, CISM, CRISC, CAP certification(s) or equivalent technical IT security and risk management certification of knowledge and experience;
• CIPP/C, CIPM or equivalent privacy certification is desirable;
• Bachelor degree from an accredited university with specialization in Computer Science or a related discipline is desirable.
Must have demonstrated knowledge and experience with the following:
• Excellent understanding of IT security foundation concepts and principals;
• Experience applying IT security concepts to Hybrid or dedicated cloud environments, including SaaS, PaaS and public and/or private cloud implementations;
• Sound knowledge of the application of native-cloud security capabilities to secure sensitive environments;
• Application of formal IT security risk assessment methodologies, such as HTRA, FAIR and ISF IRAM2, to conduct assessments of risk;
• Effective reporting of risk assessment findings and risk mitigation recommendations to executive stakeholders through formal and structured documentation;
• Effective oral presentation of risk assessment findings and recommendations to technical and/or business stakeholders;
• Experience working with industry-recognized security and risk management standards, models, and frameworks, such as ISO 27001, ISO 31000, ITSG-33, NIST Risk Management Framework, NIST Cybersecurity Framework, and ISF;
• Good knowledge of networking, topology, VPNs, VLANs, NAT, switching and routing, and related network security concepts;
• Knowledge of malicious software techniques and defenses;
• Excellent verbal and written communication skills;
• Strong organizational and/or project management skills; and
• A good understanding of current issues in information security and practical methods for addressing them.
Nice To Have
• Experience in assessing and/or applying Canadian federal and provincial privacy legislation and privacy best practices;
• Experience and knowledge of performing security assessments within cloud and cloud-enabled data centre environments;
• Administrative experience with Linux/Unix, MS Windows desktop and server operating systems;
• Security operations experience (firewall / IDS / content filter management, security monitoring and response) and security incident handling experience;
• Knowledge of PCI DSS requirements and demonstration of compliance;
• Testing experience using both automated tools and manual methods to identify and exploit identified weaknesses and vulnerabilities;
• Consulting experience in a client-facing role (will consider support to internal stakeholders) is highly desirable.
• Bilingual in both official Canadian languages
** Must hold or be eligible for Government of Canada Security clearance at Level II – Secret **
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change-supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.
- Certificatn & Accreditatn(C&A)
- Ethical Hacking
- Incident Response
- Malware Engineering