Security Lead

Join a fast‑growing information security team supporting one of the world's largest IT providers. As part of the US GTO Security Strategy and Solutions team, the Security Lead (Security Manager/CSO) oversees physical and cyber security operations, partners with IT and senior leadership, and leads a team of five professionals to deliver compliant, effective security programs across U.S.-based industries.

The preferred location is Nashville, TN, but may be located within proximity of any CGI US location. This role requires up to 25% travel.

Future Duties and Responsibilities

. Developing Security Policies and Procedures: Develop comprehensive security policies and procedures that cover various aspects of security, including physical security, cyber security, and data protection. . Risk Assessment and Management: Conduct regular risk assessments to identify potential security threats and vulnerabilities that include analyzing the organization's assets, evaluating the potential risks, and implementing measures to mitigate these risks. . Implementing Security Measures: Implement appropriate security measures including installation of surveillance systems, access control mechanisms, and cybersecurity tools. . Monitoring Security Operations: Continuous monitoring of security operations including overseeing the operation of security systems, monitoring potential security incidents, and responding promptly to any alerts or breaches. . Incident Response and Management: Coordinate with relevant teams, investigate the incident, take corrective actions to resolve the issue and conduct a post-incident analysis to identify lessons learned and improve future incident response strategies. . Training and Awareness: Educate employees about security best practices. This involves organizing regular training sessions and awareness programs. . Compliance and Regulatory Requirements: Ensure the organization complies with all relevant security regulations and standards. This includes staying up to date with changes in laws and regulations, conducting regular audits, and implementing necessary changes to remain compliant. . Liaison with External Agencies: Act as the primary point of contact between the organization and external security agencies, such as law enforcement, regulatory bodies, and cybersecurity experts. . Budget Management: Plan and allocate resources for various security initiatives, ensuring that the organization invests in the right security technologies and solutions. . Leadership and Team Management: Establish clear goals, provide regular feedback, and ensure the team has the necessary skills and resources to perform their duties effectively. . Reporting and Documentation: Maintain detailed records of all security activities, incidents, and audits. Provide regular reporting to senior management and other stakeholders. . Industry Best Practices: Continuously seek ways to improve the organization's security posture and be informed about the latest security trends, technologies, and best practices.

Required Qualifications to be Successful in this Role Knowledge and Skills:

. Strong knowledge of cybersecurity principles, standards, and best practices . Proficiency in network security technologies (firewalls, VPNs, IDS/IPS, monitoring tools) . Experience securing Windows, Linux, and Unix environments . Understanding of secure coding and application security principles . Knowledge of encryption, cryptographic protocols, and key management . Hands-on experience with vulnerability assessment and penetration testing . Familiarity with cloud security architectures and best practices . Solid understanding of core networking protocols (TCP/IP, DNS, DHCP, routing) . Experience implementing security controls to meet regulatory requirements (e.g.,, HIPAA, PCI DSS)

Technical Proficiency:

. Hands-on experience with SIEM, endpoint protection, IDS, and vulnerability scanning tools . Strong understanding of network and web protocols and related security risks (e.g., HTTP, SSL/TLS, SMTP, DNS) . Knowledge of industry security frameworks, including NIST, ISO 27001, and CIS Controls . Proficiency in Python and PowerShell

Analytical and Problem-Solving Skills:

. Strong analytical skills to identify and assess security risks and vulnerabilities; as well as determination of root causes and recommend remediation actions. . Excellent problem-solving skills to develop effective security solutions and countermeasures.

Communication and Collaboration:

. Strong written and verbal communication skills. . Ability to collaborate effectively with cross-functional teams, including IT, development, and operations, to implement security measures and respond to security incidents. . Experience in creating and delivering security training and awareness programs.

Preferred Certifications: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), or GIAC Security certifications. Other Information: CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications. To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $110,000.00 - $140,000.00. CGI anticipates accepting applications until February 13, 2026. CGI's benefits are offered to eligible professionals on their first day of employment to include:

. Competitive compensation . Comprehensive insurance options . Matching contributions through the 401(k) plan and the share purchase plan . Paid time off for vacation, holidays, and sick time . Paid parental leave . Learning opportunities and tuition assistance . Wellness and Well-being programs

Skills:

Identity and Access Mgt (IAM), Linux, Windows