Information Security Risk Analyst at CGI
Toronto, ON M5B 2L7, Canada
Full Time


Start Date

Immediate

Expiry Date

01 Nov, 25

Salary

0.0

Posted On

03 Aug, 25

Experience

6 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Artificial Intelligence, Platforms, It Service Management, Cloud Security, Plain Language, It, Security Tools, Security Operations Center, Discretion, Quantum Computing, Credentials, Soft Skills, Collaboration, Computer Science, Sensitive Information, Root, Risk

Industry

Financial Services

Description

Category: Cyber Security
Main location: India, Karnataka, Bangalore
Alternate Location(s):
Canada, Ontario, Toronto
Canada, Ontario, Ottawa
Canada, Alberta, Calgary
Position ID: J0725-0311
Employment Type: Full Time

POSITION DESCRIPTION:

The Information Security Risk Analyst plays a critical role in identifying, evaluating, and mitigating risks that threaten the confidentiality, integrity, and availability of CGI information systems and data. This individual will contribute to the development of a mature risk management program that aligns with business goals, assurance requirements, and industry best practices.
Working cross-functionally with IT, business stakeholders, compliance, legal, and external partners, the analyst will assess risks associated with new technologies, digital transformation efforts, regulatory changes, and evolving threat landscapes. This role ensures that security risk decisions are data-driven and documented, and that mitigation strategies are prioritized based on business impact and likelihood.

SKILLS:

  • Incident Management
  • IT Service Management
  • Security Operations Center

Education & Credentials

  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Risk Management, or related field.
  • Preferred certifications:
      - CRISC (Certified in Risk and Information Systems Control)
      - CISSP (Certified Information Systems Security Professional)
      - CISM (Certified Information Security Manager)
      - CISA (Certified Information Systems Auditor)

Professional Experience

  • 3–6 years in information security, IT risk, audit, or compliance roles.
  • Proven experience conducting risk assessments and applying controls across complex technical environments (on-prem, cloud, hybrid).
  • Exposure to security tools and platforms such as:
      - GRC suites (e.g., Archer, ServiceNow GRC, LogicManager)
      - SIEMs (e.g., Splunk, QRadar)
      - Vulnerability scanners (e.g., Qualys, Tenable)
      - Identity & Access Management platforms (e.g., Okta, Azure AD)

Success Criteria & Soft Skills

  • Analytical Thinking: Able to balance qualitative and quantitative risk approaches; excels in root cause analysis.
  • Communication: Can convey risk issues in plain language to technical and non-technical audiences.
  • Collaboration: Effectively builds relationships with cross-functional stakeholders.
  • Adaptability: Thrives in a fast-paced, evolving regulatory and threat landscape.
  • Integrity: Maintains impartiality and protects sensitive information with discretion.

Optional/Preferred Experience

  • Familiarity with:
      - Data privacy laws and data protection impact assessments (DPIAs)
      - Cloud security (e.g., AWS Well-Architected Framework, Azure security benchmarks)
      - Emerging technologies (Artificial Intelligence, Quantum Computing, etc.)
  • Hands-on experience with quantitative risk analysis methodologies (e.g., FAIR)


Responsibilities

YOUR FUTURE DUTIES AND RESPONSIBILITIES:

Risk Identification & Assessment

  • Conduct security-related risk assessments within the organizational guidelines of Enterprise Risk Management.

  • Perform in-depth risk assessments for internal systems, cloud services, third-party vendors, and emerging technologies.
  • Conduct business impact analyses to evaluate the consequences of security incidents and define criticality levels for systems and data.
  • Utilize industry-standard frameworks (NIST RMF, ISO 27005, FAIR, etc.) to quantify and communicate risk posture.
  • Analyze threat intelligence feeds and integrate them into risk models to better anticipate and respond to future risks.

Risk Mitigation & Treatment Planning

  • Develop and maintain a formal risk register that tracks identified risks, treatment plans, and residual risk.
  • Collaborate with asset owners and IT teams to recommend and validate risk mitigation measures.
  • Support decision-making by preparing cost-benefit analyses of remediation strategies vs. accepted risk.

Policy, Compliance/Assurance & Governance Support

  • Ensure that internal policies and procedures reflect risk tolerance and evolving legal/regulatory obligations (e.g., GDPR, HIPAA, SOX, PCI DSS).
  • Assist in conducting gap analyses against compliance standards and frameworks.
  • Partner with audit teams to ensure security risks are tracked through issue management lifecycles.

Third-Party & Vendor Risk Management

  • Conduct due diligence on vendors and partners during onboarding and periodically thereafter.
  • Leverage security questionnaires, SOC 2/ISO 27001 reports, and penetration test results to validate vendor risk posture.
  • Track and report third-party risks and collaborate on vendor exit and contingency planning.

Reporting & Metrics

  • Create risk dashboards and executive-level reports showing trends, key risk indicators (KRIs), and remediation progress.
  • Present findings to stakeholders, boards, or governance committees, translating technical risk into business context.
  • Use GRC tools to automate risk scoring, control tracking, and evidence collection.

Awareness & Training

  • Collaborate with security awareness teams to align training programs with risk findings and trends.
  • Educate internal stakeholders on security risk management practices, control expectations, and emerging threats.

