Security Lead

Category: Cyber Security

Main location: United States, Georgia, Atlanta

Alternate Location(s): United States, Texas, Houston

United States, Texas, Dallas

United States, Alabama, Birmingham

United States, North Carolina, Charlotte

Position ID: J0125-1973

Employment Type: Full Time

Position Description:

This is a rare opportunity to join a fast-growing team of information security experts as we transform, enhance, and expand the security program for one of the largest information technology providers in the world. You will join the United States Global Technology Operations (US GTO) Security Strategy and Solutions team supporting governance, risk, and compliance consulting services as well as security service delivery across one or more US-based industries.

The Security Lead, also known as a Security Manager or Chief Security Officer (CSO), is a critical role within an organization, responsible for overseeing the security operations and ensuring the safety of both physical and digital assets.

The Security Lead works collaboratively with Information Technology leadership and senior leaders within the organization to establish information security programs. This includes information security policy, practices, and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related IT architecture. The Security Lead oversees a team of five professionals.

The environment is collaborative, collegial, and dynamic, both challenging and rewarding. The Security Lead will supervise a team of very experienced information security staff consisting of full-time employees, part-time employees, and contractors. The successful candidate will have a broad knowledge of current security practices as well as the ability to identify and apply legal, regulatory, and industry-specific security requirements. You will help our clients define and deploy effective security solutions and strategies while addressing ever-changing regulatory and industry compliance challenges. You must be able to collaborate with a variety of technical and business personnel.

This position can be located near any CGI office within the U.S. This position will work within a hybrid environment.

Your future duties and responsibilities:

1. Developing Security Policies and Procedures

2. One of the primary responsibilities of a Security Lead is to develop comprehensive security policies and procedures. These guidelines must cover various aspects of security, including physical security, cyber security, and data protection. By establishing clear policies, the Security Lead ensures that all employees understand and adhere to the organization's security requirements.

3. Risk Assessment and Management

4. The Security Lead is responsible for conducting regular risk assessments to identify potential security threats and vulnerabilities. This involves analyzing the organization's assets, evaluating the potential risks, and implementing measures to mitigate these risks. Effective risk management helps in preventing security breaches and minimizing damage in case of an incident.

5. Implementing Security Measures

6. Based on the identified risks, the Security Lead must implement appropriate security measures. This can include installing surveillance systems, access control mechanisms, and cybersecurity tools. Ensuring that these measures are up-to-date and effective is crucial for maintaining the overall security posture of the organization.

7. Monitoring Security Operations

8. Continuous monitoring of security operations is a vital duty of the Security Lead. This involves overseeing the operation of security systems, monitoring for potential security incidents, and responding promptly to any alerts or breaches. The Security Lead must ensure that all security measures are functioning correctly and that any issues are addressed immediately.

9. Incident Response and Management

10. In the event of a security incident, the Security Lead is responsible for managing the response. This includes coordinating with relevant teams, investigating the incident, and taking corrective actions to resolve the issue. Additionally, the Security Lead must conduct a post-incident analysis to identify lessons learned and improve future incident response strategies.

11. Training and Awareness

12. Educating employees about security best practices is another critical duty of the Security Lead. This involves organizing regular training sessions and awareness programs to ensure that all staff members are aware of potential security threats and know how to protect themselves and the organization. Effective training helps in creating a security-conscious culture within the organization

13. Compliance and Regulatory Requirements

14. The Security Lead must ensure that the organization complies with all relevant security regulations and standards. This includes staying up-to-date with changes in laws and regulations, conducting regular audits, and implementing necessary changes to remain compliant. Non-compliance can result in severe penalties and damage to the organization's reputation.

15. Liaison with External Agencies

16. The Security Lead often acts as the primary point of contact between the organization and external security agencies, such as law enforcement, regulatory bodies, and cybersecurity experts. Building and maintaining strong relationships with these agencies is essential for effective collaboration and support during security incidents.

17. Budget Management

18. Managing the security budget is another important duty of the Security Lead. This involves planning and allocating resources for various security initiatives, ensuring that the organization invests in the right security technologies and solutions. Effective budget management helps in optimizing the organization's security spending and achieving the best possible outcomes.

19. Leadership and Team Management

20. As a leader, the Security Lead must guide and mentor the security team. This involves setting clear goals, providing regular feedback, and ensuring that the team has the necessary skills and resources to perform their duties effectively. Strong leadership is crucial for maintaining a motivated and efficient security team.

21. Reporting and Documentation

22. The Security Lead is responsible for maintaining detailed records of all security activities, incidents, and audits. Regular reporting to senior management and other stakeholders is essential for keeping them informed about the organization's security status and any potential issues. Accurate documentation also helps in demonstrating compliance with regulatory requirements.

23. Continuous Improvement

24. Security is an ever-evolving field, and the Security Lead must continuously seek ways to improve the organization's security posture. This involves staying informed about the latest security trends, technologies, and best practices. By adopting a proactive approach, the Security Lead can ensure that the organization remains ahead of potential threats.

Travel between 25-50% of time.

Required qualifications to be successful in this role:

Minimum Education: High School Diploma/GED

Knowledge & Skills:

Cybersecurity Fundamentals: Deep understanding of cybersecurity principles, best practices, common threats and vulnerabilities.

Network Security: Proficiency in firewalls, VPNs, IDS/IPS, network monitoring, and common networking protocols (TCP/IP, DNS, DHCP).

Operating System Security: Ability to secure Windows, Linux, and Unix environments.

Application Security: Understanding of secure coding practices and application security.

Cryptography: Knowledge of encryption techniques, protocols, and key management.

Vulnerability Management: Experience with vulnerability assessment, penetration testing tools, and methodologies.

Cloud Security: Familiarity with securing cloud-based infrastructure and services.

Compliance: Knowledge of regulations like GDPR, HIPAA, PCI DSS, and implementing security controls.

Security Tools: Proficiency with SIEM, endpoint protection, IDS, vulnerability scanners.

Security Frameworks: Understanding of NIST Cybersecurity Framework, ISO 27001, or CIS Controls.

Scripting: Knowledge of Python or PowerShell for automation and data analysis.

Analytical Skills: Ability to identify, assess, and remediate security risks and incidents.

Communication: Strong written and verbal communication skills, with the ability to explain security concepts to technical and non-technical audiences.

Collaboration: Experience working with cross-functional teams and delivering security awareness training.

Desirable Certifications: CISSP, CEH, CISM, CCSP, or GIAC.

CGI anticipates accepting applications for thus position through February 28, 2025.

“CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications. To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $122,200 - $228,700.”

CGI’s benefits are offered to eligible professionals on their first day of employment to include:

• Competitive compensation including profit participation program

• Comprehensive medical, dental, and vision benefits

• Basic life and accidental death & dismemberment insurance

• Matching contributions through 401(k) plan, and CGI share purchase plan

• Flexibility and paid accrued vacation leave, ranging from 10 to 20 days per year, based on job level, years of relevant prior experience, and years of service

• 10 paid holidays per year

• At least 80 consecutive hours of paid sick/safe leave (except where applicable state/local law requires more)

• Paid parental leave, ranging from 20 to 70 consecutive business days based on circumstances of leave and applicable laws

• Bereavement leave, ranging from 1 to 7 days per year based on relationship.

• Paid jury duty leave, up to time summoned

• Learning opportunities and tuition assistance

• Wellness and Well-being programs

For more detailed information about our benefits offerings visit Benefits | CGI Careers

Please note that the benefits listed above are subject to change based on the specific terms and conditions of the contract being supported.

Skills:

• Ethical Hacking

• Linux

• Network Security

What you can expect from us:

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our team—one of the largest IT and business consulting services firms in the world.

Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, pregnancy, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status or responsibilities, reproductive health decisions, political affiliation, genetic information, height, weight, or any other legally protected status or characteristics.

CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at USEmploymentCompliance@cgi.com . You will need to reference the Position ID of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a Position ID will not be returned.

We make it easy to translate military experience and skills! Clickhere (https://cgi-veterans.jobs/) to be directed to our site that is dedicated to veterans and transitioning service members.

All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held. Dependent upon role and/or federal government security clearance requirements, and in accordance with applicable laws, some background investigations may include a credit check. CGI will consider for employment qualified applicants with arrests and conviction records in accordance with all local regulations and ordinances.

CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.