Operational Security Engineer-Cybersecurity, Risk Management L4

Company Profile:

Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com.

Job Title: Operational Security Engineer

Position: Operational Security Engineer

Experience: 7 - 9 Years

Category: IT Infrastructure

Main location: Chennai

Position ID: J0426-0362

Responsibilities

Direct Responsibilities

 Technical Access Management / Privilege Access Management

o Manage and maintain technical/privilege access controls for production and development environments

o Ensure compliance with organizational technical access control security policies and procedures

o Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance

o Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation

o Review technical access segregation between production and development environments with respective support teams

 Data Leakage Prevention (DLP)

o Create, management and maintain DLP policies to detect and prevent data leaks

o Deploy and maintain DLP infrastructure

o Collaborate with IT teams to investigate and respond to data leak incidents

 Identity and Access Management (IAM)

o Collaborate with IT teams to deploy and maintain data encryption solutions

o IAM team to ensure seamless integration with technical access management solutions

o Ensure compliance with organizational IAM policies and procedures

 Data Encryption Deployment & Monitoring

o Collaborate with IT teams to deploy and maintain data encryption solutions

o Ensure compliance with organizational data encryption policies and procedures

 Unstructured & Structured Data Discovery & Activity Monitoring

o Collaborate with IT teams to:

 Deploy and maintain unstructured & structured data discovery and activity monitoring solution

 Identify and classify sensitive data

 Monitor and analyse restricted and sensitive database activities

 Remediate any non-compliant finding reported

 Infrastructure Vulnerability Management

o Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure.

o Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers

o Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented.

o Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status.

o Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives.

o Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins.

 Application Security

o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.

o Identify and implement the latest security standards for internet facing and internal assets

o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).

o Perform Security risk assessments and reviews to be presented to respective committees

o Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider

 Cybersecurity

o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes

o Ensure the coordination with other IT security or other actors in the region or globally

o Assist for a Risk Treatment for any APAC WM issue, based on the processes

o Identify the IT security risks in advance, record and follow-up them

o Define and contribute to processes from cybersecurity perspective

o Periodic reporting of security status to IT Security Domain Head

o Ensure the regular reporting for management follow-up

o Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed.

o Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents.

 Production Security

o Ensure the effectiveness and success of vulnerability management process

o Ensure the compliance level of the production environment and integrate to reporting

 IT Security Compliance (delegation on WM APAC scope)

o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets

o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)

o Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements

o Ensure the compliance with the Third-party Technology risks and the Cloud security

o Identify the process gaps and provide solutions

 Coordination with IT Security actors

o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…)

o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope.

o Coordination with the global security teams concerning integration of WM assets within production sites

o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group

Technical & Behavioural Competencies

Essential Banking Knowledge

Banking Knowledge and understanding of Wealth Management specificities General Knowledge

International and APAC banking regulations Deep Knowledge

Essential Personal Skills

Communication skills – Ability to interact throughout oral and written communication skills Deep Knowledge

Provide leadership to various stakeholders in proactive manner Deep Knowledge

Ability to provide an accurate reporting to the Management Deep Knowledge

Must be motivated, and able to work independently as well as part of a team Deep Knowledge

Must demonstrate ethical responsibility, maturity, and discretion Deep Knowledge

Essential Technical Knowledge

Technical Access Management, Privilege Access Management, Identity & Access Management (CyberArk) Deep Knowledge

Data Security, Structured/Unstructured Data Discovery & Activity Monitoring, Data Leakage Prevention (DLP) - (Varonis, Guardium, Symantec) Deep Knowledge

Network protocols and network connectivity concepts; Firewall and Internet technologies Good

Infrastructure Vulnerability and Patch Management Good

Secure application design and architecture principles – including DevSecOps tools and practices (CI/CD) Good

Secure access control mechanisms: Encryption and Key Management techniques Deep Knowledge

Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostGreSQL, MongDB Deep Knowledge

Knowledge of understanding digital transformation and mobile technologies and Cloud (Containers Docker, Kubernetes). Good

Knowledge of emerging technologies (NFT, encryption) Good

Knowledge in technologies like OAuth, Single Sign On, API based approach, TDD, BDD Good

Knowledge of standard IT Security concepts and methodologies Deep Knowledge

Deep understanding of cybersecurity threats and remediation options Deep Knowledge

IT Security Risk Assessment and Risk Management Good

IT Incident Management, CSIRT, DLP Good

IT Network Security (FW, WAF, Anti-DDos etc) Good

Specific Qualifications:

 5 to 10 years' experience in information security

 Experience in evaluation and design of technical architectures and processes

 Functional as well as technical knowledge of the common technical frameworks and solutions

 Knowledge of the Norms and Standards of the banking and cybersecurity industry

CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.

Life at CGI:

It is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons

Come join our team, one of the largest IT and business consulting services firms in the world

Your future duties and responsibilities

Required qualifications to be successful in this role

Together, as owners, let’s turn meaningful insights into action.

Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…

You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.

Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.

You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our team—one of the largest IT and business consulting services firms in the world.