Analyst, Vendor Risk Management
CGI
Where CGI has presence, Canada
4 days ago

Position Description :

As a member of CGI’s Global Security team, the Analyst plays a hands-on role in managing the risk assessments of CGI's 3rd party vendor relationships.

The incumbent will support the execution of the defined process and ensure that the program is operating effectively according to expected levels of standards and quality.

We are open to considering candidates who are able to work from any of our CGI locations in Canada. Bilingual (French and English) preferred.

Your future duties and responsibilities :

  • Perform security risk assessments of CGI’s third parties who may meet materiality criteria for evaluation
  • Ensure timely and accurate reporting of security metrics (KPIs / KRIs)
  • Schedule review of security assessments of existing third parties
  • Assist security and business operations in the development of acceptable risk mitigation plans
  • Execute information security risk and control identification, evaluation, documentation, analysis and reporting using analytical tools to support the process
  • Partner with cross functional stakeholders (Global Procurement, Legal, CIO, Business Unit Security teams, etc.)
  • Monitor and document all third party risk information, including regular reports for senior leadership & management teams
  • Ensure contractual adjustments are made to agreements between CGI and its vendors to include protection of information and facilities
  • Assist with the escalation of any issues that may impact business objectives and priorities involving vendor selection
  • Perform other duties as deemed necessary
Required qualifications to be successful in this role :

    Education :

  • Bachelor’s Degree or equivalent
    Certifications :

  • Relevant security certification (CISM, CISA, CISSP, etc.)

    Experience :

  • Minimum of three (3) years’ experience in information security
  • Experience with producing management reports and developing KPIs
  • Expert knowledge of security / risk control frameworks (COBIT, ISO 27001, PCI-DSS, NIST CSF, ITIL), and business continuity / disaster recovery frameworks (ISO 22301, ISO 27031)
  • Previous experience working with vendor assessments for a global organization
  • Previous experience with reviewing security assessment results (penetration tests, control evaluation, vulnerability assessments, audit results, etc.)
    Skills :

  • Highly self-motivated, self-directed and attentive to detail
  • Facilitation skills with an ability to build relationships with stakeholders
  • Excellent oral, written and interpersonal communication skills

    Skills :

  • CISSP
  • COBIT
  • IT Governance
  • Risk Management / Analysis
  • Security Assessment
  • Security Audit