Federal Security Clearance: An ACTIVE Secret clearance is required for this role.
Location: Flexible on location within proximity to a CGI office
We are seeking a highly motivated and experienced GRC Consultant in Cybersecurity to join our team. The ideal candidate will play a crucial role in advising and guiding our clients through the complexities of cybersecurity governance, risk management, and compliance. This position requires a deep understanding of cybersecurity frameworks, regulatory requirements, and industry best practices to ensure the organization's information systems and data are secure, compliant, and aligned with overall business objectives.
As a GRC Consultant, you will work closely with senior leadership and cross-functional teams to assess, manage, and mitigate cybersecurity risks, ensuring adherence to global regulations and internal policies. You will be responsible for performing risk assessments, developing compliance strategies, implementing governance frameworks, and supporting incident response and audit processes.
Risk Assessment and Management:
Conduct cybersecurity risk assessments to identify and evaluate potential risks, vulnerabilities, and threats to the organization's information systems.
Develop and implement risk management strategies to minimize risks related to cybersecurity threats.
Ensure the organization is aware of both internal and external cyber risks and threats and guide them on how to mitigate these risks effectively.
Perform regular risk reviews and recommend updates to risk management strategies based on emerging threats.
Governance Framework Development:
Develop, implement, and maintain cybersecurity governance frameworks aligned with the organization's overall business objectives and regulatory requirements.
Ensure alignment between the organization's cybersecurity practices and governance principles and industry standards such as ISO 27001, NIST, or CIS Controls.
Define clear roles, responsibilities, and accountability within the cybersecurity governance framework to ensure adherence to policies and procedures.
Compliance Management:
Ensure the organization complies with relevant cybersecurity laws, regulations, and standards (e.g., GDPR, CCPA, HIPAA, PCI DSS, SOX).
Guide organizations in implementing processes and controls to meet compliance requirements.
Monitor and assess compliance status continuously to identify gaps and address them promptly.
Support external audits and assessments by preparing necessary documentation and evidence to demonstrate compliance.
Policy and Procedure Development:
Develop and implement cybersecurity policies, standards, and procedures that support the organization's overall security strategy.
Provide recommendations for updates or improvements to existing cybersecurity policies based on the latest regulatory and industry changes.
Ensure that cybersecurity policies and procedures are effectively communicated and enforced across the organization.
Third-Party Risk Management:
Evaluate and assess cybersecurity risks associated with third-party vendors, partners, and contractors.
Develop and maintain a third-party risk management process to ensure third-party vendors adhere to the organization's cybersecurity and compliance standards.
Collaborate with procurement and legal teams to conduct vendor assessments, audits, and due diligence.
Incident Response and Remediation:
Develop and implement an incident response framework to ensure a timely, effective response to cybersecurity incidents.
Participate in the creation of incident response drills and exercises to evaluate the organization's preparedness for security breaches.
Work with IT and security teams to ensure the implementation of corrective actions and root cause analysis after a cybersecurity incident.
Security Awareness and Training:
Conduct regular training sessions and awareness programs for employees to improve their understanding of cybersecurity risks, policies, and best practices.
Develop and distribute materials to educate employees about phishing, social engineering, and other cybersecurity threats.
Encourage a culture of security within the organization by reinforcing cybersecurity best practices.
Reporting and Communication:
Prepare and deliver regular reports to senior management and stakeholders regarding the status of the cybersecurity risk posture, governance, and compliance efforts.
Communicate complex technical concepts and risk assessments in a clear, understandable manner to non-technical stakeholders.
Ensure that key performance indicators (KPIs) related to cybersecurity risk and compliance are regularly tracked and reported.
Audit and Monitoring:
Oversee and assist with internal and external cybersecurity audits to evaluate adherence to policies, procedures, and compliance requirements.
Recommend and support the implementation of corrective actions based on audit findings.
Monitor key cybersecurity metrics and controls to ensure the effectiveness of the risk and compliance programs.
Security Clearance: Active Secret Security Clearance is required.
Cybersecurity Knowledge: Strong knowledge of cybersecurity frameworks, risk management, and regulatory compliance standards.
Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
Analytical Skills: Analytical and problem-solving skills to assess risks and develop appropriate mitigation strategies.
Attention to Detail: Strong attention to detail and the ability to manage multiple projects and priorities.
Industry Knowledge: Up-to-date knowledge of industry trends, emerging cybersecurity risks, and regulatory changes.
Relevant Work Experience:
Experience: 5 years or more of experience in cybersecurity, IT risk management, or compliance-related roles.
Regulatory Compliance: Direct experience with compliance regulations such as SOX, PCI DSS, HIPAA, or GDPR.
Audits and Assessments: Experience performing or assisting with security audits or risk assessments.
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Certified in Governance, Risk and Compliance (CGRC)
Certified Ethical Hacker (CEH)
ISO 27001 Lead Implementer / Lead Auditor
NIST Cybersecurity Framework (NCSF)
COBIT 5 Certification
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because:
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Come join our team, one of the largest IT and business consulting services firms in the world.
Full-Time