Director of Information Security

Category: Cyber Security
Main location: Canada, Ontario, Toronto
Alternate Location(s): Canada, Quebec, Montreal
Canada, Nova Scotia, Halifax
Canada, Ontario, Ottawa
Canada, New Brunswick, Moncton
Canada, Alberta, Calgary
Canada, British Columbia, Vancouver
Position ID: J0323-1217
Employment Type: Full Time

Position Description:

CGI, a global leader in IT service outsourcing is seeking a Director of Security, internally referred to as a Business Unit, Security Business Partner (BUSBP), to support business units across the Canada. The Director of Security is a leadership position that is a direct report to the Vice President of Security for Canada Operations within the Office of the Chief Security Officer.

The role will focus on all aspects of corporate security, from physical, cyber and information security disciplines. The BUSBP is the primary security point of contact to support the business unit in executing CGI security requirements within Canada, responsible for the overall security posture of the business unit and supporting and responding to client security related matters.

Opportunity to work in a converged security environment with exposure to diverse domains.
Membership in a cross-functional security team encompassing physical security, workforce protection, information security and Business Continuity Planning.

Your future duties and responsibilities:

The Business Unit Security Business Partner (BUSBP) manages the implementation of internal corporate policies, procedures, and standards within the Business Unit (BU).

•The BUSBP manages the BU security posture by:
-Assessing and mitigating BU security risks;
-Ensuring that CGI security policies & standards are applied to internal and shared (multi-client) systems;
-Approving & managing security exception requests;
-Implementing security education, training and awareness programs and security communication;
-Developing, implementing and testing Business Continuity plans, including Crisis Management plans;
-Where applicable, maintain compliance to ISO 27001 certification and ensuring its alignment to Enterprise Security Management Framework (ESMF).

•Central Point of Contact for Security within the BU:
-For CGI security audits within the BU, ensuring the BU security program is in alignment with CGI security policies and directives.
-Where applicable, the POC for communicating and supporting client proposals
-Representing the voice of the Strategic Business Unit (SBU – Canada) to contribute to the evolution of ESMF;
-Functions as an extended member of the Global Security team to provide guidance and advice to SBU management and members with regard to the CGI security program (scope covers Information Security/Cybersecurity, Privacy, Physical, BCP, IP protection, Insider Threat & member protection)
•Managing Security Incidents and Crisis/Risk Management:
-Oversee the management of security incidents (including client incidents as needed); escalation to management, risk based incident management;
-Establishing SBU/BU crisis management capabilities
•Reporting on Security Metrics:
-SBU security posture / dashboard: risk level, policy compliance report, incident reports.

Required qualifications to be successful in this role:

•A minimum of eight or more years in an information security role.
•Ability to work independently in a high-stress, often fast paced environment. Within security, and especially during incident response, business hours often do not conform to standard and/or extend beyond the traditional eight-hour “work day”.
•Experience leading the security incident response.
•Experience with client contract (MSA/SOW) reviews based on best practices and company policy
•Expert understanding of risk management principles
•A results-focused approach to work which values service quality, economy and collaboration.
•Demonstrated judgment and the ability to adapt to a dynamic environment.
•Must be a self-motivating, and self-starter capable of operating with little to no supervision to be successful. Candidates that are reliant upon day to day oversight and/or instructions will not be successful in this environment.
•Must be comfortable with executive presentations and general interactions. Must be a proficient public speaker.
•Must be available to perform security functions during non-standard business hours when required.
•More than 3 years of experience in Security SOW/MSA Contract Review
•More than 5 years of experience in Foundational Enterprise Security Technologies
•More than 4 years of experience in Security Risk Analysis and Business Impact Assessment

Desired Qualifications and Education:
•Security related certifications are a plus (e.g. CISSP, CISM, CISA, etc.).
•A Bachelor’s degree or additional years of experience in lieu of.


What you can expect from us:

Insights you can act on

While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.

When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees "members" because they are CGI shareholders and owners and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.

At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.

Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.