•Perform detailed cloud architectural and cloud infrastructure reviews including reviewing cloud configuration vs best practices and/or standards (e.g. CIS).
•Perform in-depth technical reviews from an application security perspective, typically involving Cloud Providers, using a standard methodology such as OWASP.
•Leverage industry frameworks such as CCM, NIST, etc. to ensure a robust cloud framework.
•Help develop and build a framework to ensure a repeatable cloud review process.
•Assist in Vendor risk assessment reviews, in particular 4th party cloud reviews, and also review AWS and Azure Third Party risks, including completion of due diligence tasks and risk assessments.
•Highly collaborative position: gather stakeholder input to ensure reviews reach a consensus – including Internal Audit, 2LOD, Global teams (mainly in Paris and / or Bangalore).
•Perform ad hoc analyses and participate in special projects as needed by management.
•7+ years demonstrable experience in a role performing technical analysis with an Information Security component, ideally with a focus on Application Security Risks (ideally OWASP) and on Cloud Providers.
•5+ years experience with knowledge of configuration and networking from a Public Cloud perspective, with hands-on experience of AWS, MS Azure or Google Cloud.
•Experience with Third Party Risk Management is preferred but not required – in particular cloud providers using IaaS, PaaS or SaaS and ideally in AWS, Azure or GCP.
•Experience with compliance frameworks and their applicability to cloud, for example CCM, NIST, FFIEC, NY DFS.
•Experience with technical architecture in cloud - CIS or other benchmark and configuration preferred.
•Direct experience performing information security risk assessments of Cloud applications and Cloud architectures.
•Experience of vendor risk assessments – particularly CSPs such as Azure or AWS. Interpret, identify, and mitigate critical risk factors in a timely manner. Track, measure, report, and evaluate vendor performance using a risk-based approach.
•Requires strong analytical skills, problem solving skills, and project/program management skills.
•Solid training in computer disciplines such as application and data security, computer technology or software disciplines.
•Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s.
•Solid understanding of the banking industry’s regulatory requirements for managing third parties (e.g., FFIEC).
•Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management.
•Excellent written and verbal communication skills.
•Proven ability to manage issues through to resolution; skilled at making judgment calls.
•Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times.
•Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required.
•Certified training in transversal technical topics, security management, risk and compliance solutions and practices.
•CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) preferred.
•AWS or Azure or GCP certification.
What you can expect from us:
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer.