Information Security Analyst

Information Security Analyst

Category: Cyber Security
City: Toronto, Ontario, Canada
Position ID: J1021-3034
Employment Type: Full Time

Meet our professionals

CGI Insights you can act on

Position Description:

As a Senior Consultant, you will join Information Security department to continue our journey and evolve the enterprise wide Application and Data Security programs, which strive to ensure that all applications and data across the enterprise have security built into their life cycle, thereby enhancing overall security landscape and protecting Our Bank, Our Clients, and Our Employees. You will be working on data protection / encryption type initiatives with tools like Protegrity, Voltage more a cyber-security perspective.

Your future duties and responsibilities:

• Perform Data Exposure Analysis and drive forward risk reduction activities as part of the Digital Crown Jewels Program.
• Provide strategic thought leadership, building and regularly updating our banks strategic roadmaps and product backlogs for the domain of Data Security.
• Lead the evaluation of new and proposed security systems and technologies to improve data protection of enterprise critical assets and Digital Crown Jewels.
• Collaborate with key architecture, development, operations and infrastructure stakeholders to implement continuous improvements, identify new business requirements and govern the effectiveness of data security services and controls
• Act as a trusted advisor and security ambassador, influencing the enterprise teams to build security into their design, operating and development pipelines.
• Direct the review, development, testing and implementation of security plans, products and control techniques
• Support and promote the security culture and strategy while influencing infrastructure and application design activities.

Required qualifications to be successful in this role:

• Service Governance - Collaborate with various stakeholders on requirements, support development of business cases and lead subsequent initiatives (including POCs) as product owner to support the strategy. Maintain a continuous improvement mindset, always looking for opportunities for efficiency and to enhance the security of the domain.
• Communication – Build and present documentation to executive management aimed at communicating benefits of proposed security programs, as well as on current potential risks and providing recommendations. Provide awareness and training to the application developments teams of the benefits of web application layer protection services, data protection services, code scanning services, etc. Assess business needs against potential risks and provide your recommendations to enhance our information security landscape.
• Advisory and Relationship Management - Working with the broader team, act as a trusted advisor to influence the application development, operational and infrastructure teams to build security into their design, development and scanning techniques, and to prioritize security vulnerabilities identified using a risk-based approach. Assist in the the identification, assessment, reporting, and management of security risks and design flaws identified in key applications with practical and achievable recommendations. Stay on top of the latest threat landscape and maintain relationships with peers from other banks. Manage the vendor relationship for security services and tools used within the domains of Data Security.
• Data Protection Services - Data protection and data security service management related activities, including scheduling, consulting, onboarding, service governance and improvement. Measure the quality of the service protection and conduct threat update reviews, analysis of logs, trends and usage reports. Drive the improvement in the level of security protection for our enterprise data, specifically Digital Crown Jewels and critical assets..

Who You Are
• You bring passion for industry application security, vulnerability management and data security standards and best practices.
• You can demonstrate experience in data security concepts in a senior level role. You have implemented data protection methodologies to ensure secure design of applications and protection of confidential data. You have been a key contributor or have led data security initiatives (i.e. encryption/tokenization of data (at rest, in flight, in use), data loss prevention) and have a working understanding of data governance and data privacy concepts.
• You have the ability to develop strong relationships across various levels of an organization to bring about a positive result and communicate requirements effectively.
• You’re a certified professional. You have current accreditation and good standing CISSP, CISA, or CISM designation
• You understand that success is in the details. You notice things that others don't. Your critical thinking skills help to inform your decision making.
• You embrace and champion change. You'll continuously evolve your thinking and the way you work in order to deliver your best.
• You give meaning to data. You enjoy investigating complex problems, and making sense of information.

You're confident in your ability to communicate detailed information in a meaningful way.
Values matter to you. You bring your real self to work and you live our values - trust, teamwork, and accountability.


  • Data Analysis

What you can expect from us:

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at

No unsolicited agency referrals please.

CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.