Information Systems Security Specialist
Main location: United States, All
Position ID: J0823-1046
Employment Type: Full Time
CGI is in the top 5 largest global IT companies spread across 40 countries with endless opportunities to expand and grow. As a CGI Member, you have the opportunity to be a shareholder at CGI and join a family of over 90,000 members strong. Would you like to grow with an IT organization offering greater opportunity and challenge? Join the CGI team and get your career on the fast track!
CGI Federal is looking for an Information Systems Security Specialist to support development and maintenance activities for a cloud-based financial regulation reporting system. The Information Systems Security Specialist must hold a nationally recognized security certification (e.g. CISSP, CCSP, CSSLP) and have a minimum of five years of experience equivalent to performing the duties of an Information Systems Security Officer (ISSO).
The preferred location for this position is Nationwide.
Your future duties and responsibilities:
• Function as System Owner’s IT security expert.
• Advise the system owner (SO) regarding security considerations in applications systems procurement or development, implementation, operation and maintenance, and disposal activities (i.e., life cycle management).
• Report any possible weakness/vulnerability to the SO
• Assist in the determination of an appropriate level of security commensurate with the level of sensitivity. Coordinate with all stakeholders to ensure that the major application maintains confidentiality, integrity and availability.
• Assist in the development and maintenance of security and contingency plans.
• Participate in security impact analysis to periodically re-evaluate sensitivity of the system, risks, and mitigation strategies.
• Participate in security impact analysis of system safeguards and program elements and in authorization and assessment (A&A) of the system for continuous monitoring.
• Meet routinely with the SO to review POA&M (Plan of Actions and Milestones) status.
• Generate draft POA&Ms as needed
• Keep Management abreast of any POA&M issues that affect completion dates
• Issue WCVFs (Weakness Completion Verification Form) to officially close out POA&Ms
• Ensure that the system documentation in CSAM is current including but not limited to:
• Act as the point of contact (POC) for all security incidents and the Computer Incident Response Team (CIRT)
• Handle and investigate incidents in cooperation with, and under direction of, the SO and
• Provide oversight of vulnerability scanning and assist in penetration testing of
• Ensure all user accounts are disabled within 24 hours of notification of user’s separation and immediately for individuals being separated for adverse reasons.
• Monitor and review security policy, practices, and procedures.
• Enforce the security of all interfaces with external systems, develop and maintain interconnection documentation (ISA, SLA, MOU, and MOA).
• Responsible for maintaining a security certification as specified by policy.
• Responsible for taking annual role-based security training commensurate with the role and keeping security knowledge current.
• Act as system Security representative in all meetings including but not limited to:
• CMB (Change Management Board)
• Development and Operations Meetings
• Development elaborations and sprints
• Support the CDM (Continuous Detection and Mitigation) Program
• Ensure that CDM metrics are properly collected
• Update CDM documentation as required
• Coordinate CDM Data Calls
• Participate in the Authority to Deploy (ATD) process
• Verify that deployments do not present unmanageable risks.
• Review all scans
• Work with developers and administrators to address mitigation of findings
• Verify that the ATD form is accurately completed.
• Verify that development meets appropriate NIST SP800-53 controls.
Required qualifications to be successful in this role:
The ISSO must possess experience in managing security operations of a large complex Federal Government IT system. Desired skills and/or credentials are as follows:
• Hold a nationally recognized security certification (e.g. CISSP, CCSP, CSSLP)
• Minimum of five years of experience equivalent to performing the duties of an ISSO.
• Strong understanding of project management principles and practices
• Strong understanding of Helpdesk and Customer Relations Support systems
• Experience with Atlassian tools: Confluence, Jira, Git
• Information Technology Infrastructure Library (ITIL) Certification
Due to the nature of this US Government contract, U.S. Citizenship is required.
CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to: skill set level, experience and training, and licensure and certifications. CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $84,000-$186,000.
Threat Risk Assessment
What you can expect from us:
Insights you can act on
While technology is at the heart of our clients’ digital transformation, we understand that people are at the heart of business success.
When you join CGI, you become a trusted advisor, collaborating with colleagues and clients to bring forward actionable insights that deliver meaningful and sustainable outcomes. We call our employees “members” because they are CGI shareholders and owners who enjoy working and growing together to build a company we are proud of. This has been our Dream since 1976, and it has brought us to where we are today — one of the world’s largest independent providers of IT and business consulting services.
At CGI, we recognize the richness that diversity brings. We strive to create a work culture where all belong and collaborate with clients in building more inclusive communities. As an equal-opportunity employer, we want to empower all our members to succeed and grow. If you require an accommodation at any point during the recruitment process, please let us know. We will be happy to assist.
Ready to become part of our success story? Join CGI — where your ideas and actions make a difference.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, pregnancy, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at USEmploymentCompliance@cgi.com. You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned.
We make it easy to translate military experience and skills! Click here (https://cgi-veterans.jobs/) to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held. CGI will consider for employment qualified applicants with arrests and conviction records in accordance with all local regulations and ordinances.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.