CGI

Cybersecurity Advisor (GRC)

Canada · Full-time · Entry

Position Description

We are seeking a highly motivated and experienced GRC Consultant in Cybersecurity to join our team. The ideal candidate will play a crucial role in advising and guiding our clients through the complexities of cybersecurity governance, risk management, and compliance. This position requires a deep understanding of cybersecurity frameworks, regulatory requirements, and industry best practices to ensure the organization's information systems and data are secure, compliant, and aligned with overall business objectives.


Location: Flexible on location within proximity to a CGI office to support a Hybrid work model.

Clearance: Must have or be eligible for Reliability Clearance


Your future duties and responsibilities

As a GRC Consultant, you will work closely with senior leadership and cross-functional teams to assess, manage, and mitigate cybersecurity risks, ensuring adherence to global regulations and internal policies. You will be responsible for performing risk assessments, developing compliance strategies, implementing governance frameworks, and supporting incident response and audit processes.

  • Risk Assessment and Management:
      • Conduct cybersecurity risk assessments to identify and evaluate potential risks, vulnerabilities, and threats to the organization's information systems.
      • Develop and implement risk management strategies to minimize risks related to cybersecurity threats.
      • Ensure the organization is aware of both internal and external cyber risks and threats and guide them on how to mitigate these risks effectively.
      • Perform regular risk reviews and recommend updates to risk management strategies based on emerging threats.
  • Governance Framework Development:
      • Develop, implement, and maintain cybersecurity governance frameworks aligned with the organization's overall business objectives and regulatory requirements.
      • Ensure alignment between the organization’s cybersecurity practices and governance principles with industry standards such as ISO 27001, NIST, or CIS Controls.
      • Define clear roles, responsibilities, and accountability within the cybersecurity governance framework to ensure adherence to policies and procedures.
  • Compliance Management:
      • Ensure the organization complies with relevant cybersecurity laws, regulations, and standards (e.g., GDPR, CCPA, HIPAA, PCI-DSS, SOX).
      • Guide organizations in implementing processes and controls to meet compliance requirements.
      • Monitor and assess compliance status continuously to identify gaps and address them promptly.
      • Support external audits and assessments by preparing necessary documentation and evidence to demonstrate compliance.
  • Policy and Procedure Development:
      • Develop and implement cybersecurity policies, standards, and procedures that support the organization’s overall security strategy.
      • Provide recommendations for updates or improvements to existing cybersecurity policies based on the latest regulatory and industry changes.
      • Ensure that cybersecurity policies and procedures are effectively communicated and enforced across the organization.
  • Third-Party Risk Management:
      • Evaluate and assess cybersecurity risks associated with third-party vendors, partners, and contractors.
      • Develop and maintain a third-party risk management process to ensure third-party vendors adhere to the organization’s cybersecurity and compliance standards.
      • Collaborate with procurement and legal teams to conduct vendor assessments, audits, and due diligence.
  • Incident Response and Remediation:
      • Develop and implement an incident response framework to ensure a timely, effective response to cybersecurity incidents.
      • Participate in the creation and execution of incident response drills and exercises to evaluate the organization’s preparedness for security breaches.
      • Work with IT and security teams to ensure the implementation of corrective actions and root cause analysis after a cybersecurity incident.
  • Security Awareness and Training:
      • Conduct regular training sessions and awareness programs for employees to improve their understanding of cybersecurity risks, policies, and best practices.
      • Develop and distribute materials to educate employees about phishing, social engineering, and other cybersecurity threats.
      • Encourage a culture of security within the organization by reinforcing cybersecurity best practices.
  • Reporting and Communication:
      • Prepare and deliver regular reports to senior management and stakeholders regarding the status of the cybersecurity risk posture, governance, and compliance efforts.
      • Communicate complex technical concepts and risk assessments in a clear, understandable manner to non-technical stakeholders.
      • Ensure that key performance indicators (KPIs) related to cybersecurity risk and compliance are regularly tracked and reported.
  • Audit and Monitoring:
      • Oversee and assist with internal and external cybersecurity audits to evaluate adherence to policies, procedures, and compliance requirements.
      • Recommend and support the implementation of corrective actions based on audit findings.
      • Monitor key cybersecurity metrics and controls to ensure the effectiveness of the risk and compliance programs.

Required Qualifications To Be Successful In This Role

  • Security Clearance: Must be eligible for Reliability security clearance.
  • Cybersecurity Knowledge: Strong knowledge of cybersecurity frameworks, risk management, and regulatory compliance standards.
  • Communication Skills: Ability to communicate effectively with both technical and non-technical stakeholders.
  • Analytical Skills: Analytical and problem-solving skills to assess risks and develop appropriate mitigation strategies.
  • Attention to Detail: Strong attention to detail and the ability to manage multiple projects and priorities.
  • Industry Knowledge: Up-to-date knowledge of industry trends, emerging cybersecurity risks, and regulatory changes.

Relevant Work Experience:

  • Experience: 5 years or more of experience in cybersecurity, IT risk management, or compliance-related roles.
  • Regulatory Compliance: Direct experience with compliance regulations such as SOX, PCI-DSS, HIPAA, or GDPR.
  • Audits and Assessments: Experience performing or assisting with security audits or risk assessments.

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
  • Certified in Governance, Risk, and Compliance (CGRC)
  • Certified Ethical Hacker (CEH)
  • ISO 27001 Lead Implementer / Lead Auditor
  • NIST Cybersecurity Framework (NCSF)
  • COBIT 5 Certification

Key Skills

Ranked by relevance

cybersecurity incident response hipaa dss security audits gdpr nist cis
Posted: Apr 02, 2025
Type: Full-time
Level: Entry
Location: Ontario
Company: CGI
Industries: IT Services, IT Consulting
Categories: Information Technology
