Information Systems Security Specialist
CGI is in the top 5 largest global IT companies spread across 40 countries with endless opportunities to expand and grow. As a CGI Member, you have the opportunity to be a shareholder at CGI and join a family of over 90,000 members strong. Would you like to grow with an IT organization offering greater opportunity and challenge? Join the CGI team and get your career on the fast track!
CGI Federal is looking for an Information Systems Security Specialist to support development and maintenance activities for a cloud-based financial regulation reporting system. The Information Systems Security Specialist must hold a nationally recognized security certification (e.g. CISSP, CCSP, CSSLP) and have a minimum of five years of experience equivalent to performing the duties of an Information Systems Security Officer (ISSO).
The preferred location for this position is Nationwide.
Your future duties and responsibilities:
• Function as System Owner’s IT security expert.
• Advise the system owner (SO) regarding security considerations in applications systems
procurement or development, implementation, operation and maintenance, and disposal
activities (i.e., life cycle management).
• Report any possible weakness/vulnerability to the SO
• Assist in the determination of an appropriate level of security commensurate with the
level of sensitivity. Coordinate with all stakeholders to ensure that the major application
maintains confidentiality, integrity and availability.
• Assist in the development and maintenance of security and contingency plans.
• Participate in security impact analysis to periodically re-evaluate sensitivity of the system,
risks, and mitigation strategies.
• Participate in security impact analysis of system safeguards and program elements and in
authorization and assessment (A&A) of the system for continuous monitoring.
• Meet routinely with the SO to review POA&M (Plan of Actions and Milestones) status.
• Generate draft POA&Ms as needed
• Keep Management abreast of any POA&M issues that affect completion dates
• Issue WCVFs (Weakness Completion Verification Forms) to officially close out POA&Ms
• Ensure that the system documentation in CSAM is current including but not limited to:
• Act as the point of contact (POC) for all security incidents and the Computer Incident
Response Team (CIRT)
• Handle and investigate incidents in cooperation with, and under direction of, the SO and
• Provide oversight of vulnerability scanning and assist in penetration testing of
• Ensure all user accounts are disabled within 24 hours of notification of user’s separation
and immediately for individuals being separated for adverse reasons.
• Monitor and review security policy, practices, and procedures.
• Enforce the security of all interfaces with external systems, develop and maintain
interconnection documentation (ISA, SLA, MOU, and MOA).
• Responsible for maintaining a security certification as specified by policy.
• Responsible for taking annual role-based security training commensurate with the role
and keeping security knowledge current.
• Act as system Security representative in all meetings including but not limited to:
    • CMB (Change Management Board)
    • Development and Operations Meetings
    • Development elaborations and sprints
• Support the CDM (Continuous Detection and Mitigation) Program
    • Ensure that CDM metrics are properly collected
    • Update CDM documentation as required
    • Coordinate CDM Data Calls
• Participate in the Authority to Deploy (ATD) process
• Verify that deployments do not present unmanageable risks.
• Review all scans
• Work with developers and administrators to address mitigation of findings
• Verify that the ATD form is accurately completed.
• Verify that development meets appropriate NIST SP800-53 controls.
Required qualifications to be successful in this role:
The ISSO must possess experience in managing security operations of a large complex Federal Government IT system. Desired skills and/or credentials are as follows:
• Hold a nationally recognized security certification (e.g. CISSP, CCSP, CSSLP)
• Minimum of five years of experience equivalent to performing the duties of an ISSO.
• Strong understanding of project management principles and practices
• Strong understanding of Helpdesk and Customer Relations Support systems
• Experience with Atlassian tools: Confluence, Jira, Git
• Information Technology Infrastructure Library (ITIL) Certification
Due to the nature of this US Government contract, U.S. Citizenship is required.
CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to: skill set level, experience and training, and licensure and certifications. CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $84,000-$186,000.
- Information Assurance
- Operational Security
- Threat Risk Assessment