Information Security Risk Analyst
CGI
This job is no longer accepting applications
Position Description:
The Information Security Risk Analyst plays a critical role in identifying, evaluating, and mitigating risks that threaten the confidentiality, integrity, and availability of CGI information systems and data. This individual will contribute to the development of a mature risk management program that aligns with business goals, assurance requirements, and industry best practices.
Working cross-functionally with IT, business stakeholders, compliance, legal, and external partners, the analyst will assess risks associated with new technologies, digital transformation efforts, regulatory changes, and evolving threat landscapes. This role ensures that security risk decisions are data-driven and documented, and that mitigation strategies are prioritized based on business impact and likelihood.
Your future duties and responsibilities:
Risk Identification & Assessment
• Conduct security-related risk assessments within the organizational guidelines of Enterprise Risk Management.
• Perform in-depth risk assessments for internal systems, cloud services, third-party vendors, and emerging technologies.
• Conduct business impact analyses to evaluate the consequences of security incidents and define criticality levels for systems and data.
• Utilize industry-standard frameworks (NIST RMF, ISO 27005, FAIR, etc.) to quantify and communicate risk posture.
• Analyze threat intelligence feeds and integrate them into risk models to better anticipate and respond to future risks.
Risk Mitigation & Treatment Planning
• Develop and maintain a formal risk register that tracks identified risks, treatment plans, and residual risk.
• Collaborate with asset owners and IT teams to recommend and validate risk mitigation measures.
• Support decision-making by preparing cost-benefit analyses of remediation strategies vs. accepted risk.
Policy, Compliance/Assurance & Governance Support
• Ensure that internal policies and procedures reflect risk tolerance and evolving legal/regulatory obligations (e.g., GDPR, HIPAA, SOX, PCI DSS).
• Assist in conducting gap analyses against compliance standards and frameworks.
• Partner with audit teams to ensure security risks are tracked through issue management lifecycles.
Third-Party & Vendor Risk Management
• Conduct due diligence on vendors and partners during onboarding and periodically thereafter.
• Leverage security questionnaires, SOC 2/ISO 27001 reports, and penetration test results to validate vendor risk posture.
• Track and report third-party risks and collaborate on vendor exit and contingency planning.
Reporting & Metrics
• Create risk dashboards and executive-level reports showing trends, key risk indicators (KRIs), and remediation progress.
• Present findings to stakeholders, boards, or governance committees, translating technical risk into business context.
• Use GRC tools to automate risk scoring, control tracking, and evidence collection.
Awareness & Training
• Collaborate with security awareness teams to align training programs with risk findings and trends.
• Educate internal stakeholders on security risk management practices, control expectations, and emerging threats.
Required qualifications to be successful in this role:
Education & Credentials
• Bachelor's degree in Information Security, Cybersecurity, Computer Science, Risk Management, or related field.
• Preferred certifications:
  - CRISC (Certified in Risk and Information Systems Control)
  - CISSP (Certified Information Systems Security Professional)
  - CISM (Certified Information Security Manager)
  - CISA (Certified Information Systems Auditor)
Professional Experience
• 3–6 years in information security, IT risk, audit, or compliance roles.
• Proven experience conducting risk assessments and applying controls across complex technical environments (on-prem, cloud, hybrid).
• Exposure to security tools and platforms such as:
  - GRC suites (e.g., Archer, ServiceNow GRC, LogicManager)
  - SIEMs (e.g., Splunk, QRadar)
  - Vulnerability scanners (e.g., Qualys, Tenable)
  - Identity & Access Management platforms (e.g., Okta, Azure AD)
Success Criteria & Soft Skills
• Analytical Thinking: Able to balance qualitative and quantitative risk approaches; excels in root cause analysis.
• Communication: Can convey risk issues in plain language to technical and non-technical audiences.
• Collaboration: Effectively builds relationships with cross-functional stakeholders.
• Adaptability: Thrives in a fast-paced, evolving regulatory and threat landscape.
• Integrity: Maintains impartiality and protects sensitive information with discretion.
Optional/Preferred Experience
• Familiarity with:
• Data privacy laws and data protection impact assessments (DPIAs)
• Cloud security (e.g., AWS Well-Architected Framework, Azure security benchmarks)
• Emerging Technologies (Artificial Intelligence, Quantum Computing, etc.)
• Hands-on experience with quantitative risk analysis methodologies (e.g., FAIR)
Skills:
- Incident Management
- IT Service Management
- Security Operations Center
What you can expect from us:
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team—one of the largest IT and business consulting services firms in the world.