Analyst, Vendor Security Risk Management

Analyst, Vendor Security Risk Management

Category: Business Consulting, Strategy and Digital Transformation
City: All Canadian cities, where CGI has presence, Canada
Position ID: J0421-2229
Employment Type: Full Time

Position Description:

As a member of CGI’s Global Security team, the Analyst plays a hands-on role in managing the risk assessments of CGI's 3rd party vendor relationships. The incumbent will support the execution of the defined process and to ensure the program is operating effectively according to expected levels of standards and quality.

We are open to considering candidates who are able to work from any of our CGI locations in Canada. Bilingual (French and English) preferred.

Your future duties and responsibilities:

- Perform security risk assessments of CGI’s third parties who may meet materiality criteria for evaluation
- Ensure timely and accurate reporting of security metrics (KPIs/KRIs)
- Schedule review of security assessments of existing third parties
- Assist security and business operations in the development of acceptable risk mitigation plans
- Execute information security risk and control identification, evaluation, documentation, analysis and reporting using analytical tools to support the process
- Partner with cross functional stakeholders (Global Procurement, Legal, CIO, Business Unit Security teams, etc.)
- Monitor and document all third party risk information, including regular reports for senior leadership & management teams
- Ensure contractual adjustments are made to agreements between CGI and its vendors to include protection of information and facilities
- Assist with the escalation of any issues that may impact business objectives and priorities involving vendor selection
- Perform other duties as deemed necessary

Required qualifications to be successful in this role:

• Bachelor’s Degree or equivalent
• Relevant security certification (CISM/CISA; CISSP, etc.)
- Minimum of three (3) years’ experience in information security
- Experience with producing management reports and developing KPIs
- Expert knowledge of security / risk control frameworks (COBiT, ISO 27001, PCI-DSS, NIST CSF, ITIL), and business continuity / disaster recovery frameworks (ISO 22301, ISO 27031)
- Previous experience working with vendor assessments for a global organization
- Previous experience with reviewing security assessment results (penetration tests, control evaluation, vulnerability assessments, audit results, etc.)

- Highly self-motivated, self-directed and attentive to detail
- Facilitation skills with an ability to build relationships with stakeholders
- Excellent oral, written and interpersonal communication skills


  • IT Governance
  • Risk Management / Analysis
  • Security Assessment
  • Security Audit

What you can expect from us:

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at

No unsolicited agency referrals please.

CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.