Cyber Security Advisor/Architect

Position Description:

CGI is looking for a seasoned Cyber Security Advisor or Architect with experience advising clients in the healthcare sector.
*This role can be situated anywhere in Atlantic Canada within proximity to a CGI office. The successful Candidate must currently reside in Canada and be eligible for security clearance*
CGI is expanding its Health and Life Sciences Team in the Atlantic Region. We are looking for a Cyber Security Advisor to join us on engaging, and professionally rewarding opportunities with both our internal and external delivery engagements. Become part of our team and share your expertise to support the evolution of service solutions and emerging technologies
The ideal candidate will have a strong technical and business understanding of cyber security, with experience advising clients in the healthcare sector as well as experience in IT Consulting sales/business development and have an extensive network in the sector. The successful candidate will have a strong delivery background in the Healthcare Sector and experience working with Nova Scotia Health and/or other Atlantic Provincial Health Authorities and Departments of Health. You would be responsible for the successful delivery of project on time, on budget, and to customer satisfaction, therefore enabling new or extended business relationships. Your focus and priority is on client satisfaction, which you achieve through strategic, well organized and communicative project management as well as through strong team leadership and support to the CGI members (employees) on your delivery team(s).

Your future duties and responsibilities:

The Security Advisor will be responsible for:
Cyber Leadership -
• Serve as the Cyber Security Lead on key projects in the healthcare and life sciences sectors (and possibly other sectors)
• Develop a comprehensive understanding information systems.
• Advise clients acquiring technology tools (software, hardware and/or services) by evaluating business needs, assessing available alternatives, and recommending the preferred approach.
• Creating or updating documentation based on identified cyber security risks and controls and disseminating it.
• Provide policy guidance to Cybersecurity clients' management, staff, and end users.
• Lead and participate in multi-disciplined Health and Government teams with accountability for scope, communications, and control procedures. Translate the business impacts of cyber security requirements to a range of stakeholders in multiple digital service areas and help with the understanding of the cyber security risk.
• Ensure that stakeholder security requirements to protect the business processes are adequately addressed in all aspects of enterprise cyber security architecture including reference models, segment and solution architectures, and the resulting systems supporting those missions and business processes. while partnering with stakeholders across the enterprise to deliver security work program objectives.
• Apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Develop or participates in the development of standards for providing, requesting, and/or obtaining support from external and internal stakeholders to synchronize Cybersecurity services.
• Act as an internal consultant to provide expert advice, coaching and mentoring on up-to-date cyber security and risk management methodologies and tools to the program team, business partners, and the vendors.
• Create cyber security documentation, define cyber security key performance indicators, and report on them.
• Lead organizational outreach and promotion of Cybersecurity awareness campaigns, including partnering with public sector and industry partners.
• Build, strengthen, and sustain key relationships with stakeholders across the enterprise including Information Technology, Enterprise Risk & Resiliency, and regional leadership.
• Define and documents efficient and transparent security architecture guidelines regarding proper use and deployment of business applications, data and technology.
• Work closely with the Enterprise Architecture Team, Cybersecurity teams, system owners, contracting authority and provide security design and architecture recommendations.
• Develop and maintain security solution architectures and designs, including but not limited to products and services, e.g. Network and Endpoint Protection, Identity and Access Management, Cloud Security, ICS security, Incident Response and Recovery, Public Key Infrastructure (PKI).
• Keep up-to-date on changes in security threats, technology and security architecture.
• Conduct Cybersecurity threat risk assessments and recommends appropriate controls and countermeasures in alignment with organizational standards and policies.
• Partner with business and Information Technology (IT) stakeholders to plan for future needs.
• Propose and implement innovative solutions to complex and non-routine security challenges.
• Perform other duties as assigned, in accordance with Branch and Department objectives.
Cyber Innovation -
• Continuously conduct research and assess creative methods for improving the I&T risk profile. This position requires the ability to manage, continually motivate and coach staff to ensure they are properly trained, client-focused, professional, and knowledgeable regarding the implementation of l&T risk management. They must understand client priorities and balance business needs against l&T risk management priorities when assigning work program staff.
• "Think outside the box" as well as have the confidence and conviction to introduce new innovative concepts and solutions founded on sound reason and judgement, experience, and expertise. You must apply innovative methods to achieve corporate buy-in, cooperation, alignment and support for new ways of working and doing business.

Required qualifications to be successful in this role:

Education:
• Completion of a University Degree or equivalent education, training, and experience in a relevant discipline such as Computer Science, Computer Engineering, or Information Security.
Qualifications:
• 5 – 10 years of professional experience in a Cybersecurity advisory role.
• 5+ years of experience in cyber security in health sector with a focus on technical security architecture.
• Minimum 3 years' experience in cyber security architecture.
• Experience as a Cyber Security Lead on major projects.
• Working knowledge and experience of cyber security framework and industry standards, such as NIST CSF, NIST - 53, CIS, ISF, SoGP and ISO and Payment Card Industry regulations (PCI DSS).
• Knowledge of and experience in the IT industry – standards creation in Network/Telecom, Security, Server/SAN backup, Database/Middleware or Applications/Reporting
• Advanced knowledge and technical security expertise around IT networks and infrastructure, applications, servers, end points, loT/OT, cloud infrastructure and services etc.
• Experience working within and across remote teams, inter- and intra-organizationally.
• Practical experience in security engineering or consulting to anticipate and address complex security problems.
• Working knowledge of developing and maintaining security architecture principles, strategy and practices, roadmaps, and technical applications to engineer reliable solutions and measures for the business.
• Working knowledge of applying and incorporating information technologies into proposed solutions, translating operational requirements into protection needs (i.e., security control objectives), designing countermeasures to identified security risks, and designing multi-level security/cross domain solutions.
• A deep understanding of how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Ability to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Proficiency in executing and managing a variety of tasks, problems and programs.
• Ability to work in a fast paced, dynamic and flexible hybrid office environment.
• Ability to assess enterprise risk with proper recommendation in remediation.
• Ability to speak, write and communicate effectively in English; (French an asset)
• Ability to persuade, convince, influence behavior.
• Ability to lead and work in a multi-team environment and drive completion of deliverables.
• Information seeking – ability to acquire, analyze, document and communicate information relevant to the achievement of valued goals.
• Strategic business thinking - ability to apply technical knowledge and experience to making management decisions for maximizing business objectives.
• Team leadership – ability to take a role of strategic advisor, guide and mentor of the team.
Certifications:
• ISC2 Certified Information Systems Security Professional required.
• Hold additional relevant certifications such as CISA, CISM, TOGAF, SABSA, ITIL, ISO /2 or equivalent designation(s) is considered an asset.

#LI-NB5

Skills: