About the role
MissionsThe candidate will report to an experienced testing manager and will be responsible for leading reviews as part of the Annual Control Plan focused specifically on Information Technology, Infosec and Cyber risks.
The candidate will be responsible to:- Conduct business process and control walkthroughs and gather information to understand the context, risks and intended control operation to be tested.- Scope, plan and execute technology and compliance control audits with the following focus areas:Design and execute tests to validate application system controls, which may require data analysis, code inspection and re-performance of system processes.Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.Validate that system features meet business, technology and regulatory requirements.- Identify issues through testing, ensuring that appropriate action plans are being developed by the business to correct the deficiencies noted.- Discuss results and findings with relevant stakeholders including the business or function being tested.- Document review work and develop final testing reports to document and formally communicate testing results to stakeholders.- Validate that the business has completed the agreed-upon action plans by the due date.- Maintain regular engagement and provide feedback to key stakeholders within Compliance, Risk and Business units.- Assist the audit manager with development of the annual risk-based Testing Plan.
ProfileCompetencies- Understand and apply audit methodology and various techniques to perform controls-based audits.- Apply knowledge and experience in auditing general and application controls across a variety of technologies and platforms using IS industry standards and best practices.- Apply a broad and comprehensive understanding of high-risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, intrusion detection and prevention systems, and insider threat.- Audit non-technical areas including IT governance, project management and systems development.- Audit experience covering cloud-based infrastructure is a plus, but not required.- Synthesize data and observations into findings and effectively present and communicate conclusions in writing and orally.- Analyze complex sets of data using Excel, Access, VBA and other advanced scripting and analytical tools that help operate and visualize data.- Understand Investment Banking and Broker-Dealer related risks and regulations.- Apply strong analytical, problem-solving and organizational skills; handle multiple, simultaneous, and ad-hoc requests.- Exercise strong attention to detail; ability to work independently; prioritize and work in a dynamic, deadline-focused environment.- Work collaboratively within a complex organization, across multiple cultures, geographies and disciplines; strong interpersonal and written/verbal communication skills.
Technical Skills & Knowledge- Experience and application of industry-standard technology frameworks and regulations such as NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA, etc.- Experience with various data analytics and data management tools:Scripting tools: Python, VBARelational data tools: T-SQL, PL/SQLData visualization tools: PowerBI, Microstrategy, Spotfire- Expertise with Microsoft Word, Excel and PowerPoint- Excellent writing skills- Securities licenses a plusPrior Work Experience- 7–11 years of working experience within the Financial Services industry or equivalent environment- 3–5 years performing audits of systems, physical, logical, or cybersecurity in a technical environment using generally accepted auditing standards consistent with internal control frameworks- General knowledge of applicable regulatory requirements and expectations related to investment banking and broker-dealer activities- AML experience a plusQualifications (Experience, Education, Languages)- B.A./B.S. in Computer Science, Information Security, Engineering or equivalent discipline- Relevant IT audit certifications are a plus, such as:Certified Information Systems Auditor (CISA)Certified Information System Security Professional (CISSP)Certified Public Accountant (CPA)Certified Internal Auditor (CIA)
LANGUAGEAbility to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.
- English language proficiency; French speaking a plus
Your future duties and responsibilities
Required qualifications to be successful in this role
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.
To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our team—one of the largest IT and business consulting services firms in the world.
About CGI
Insights you can act on to achieve trusted outcomes.
We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across 21 industry sectors and 400 locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are informed globally and delivered locally.
We value your opinions and welcome your comments and questions on our posts here on LinkedIn. Please keep a polite, professional and constructive tone. We remove comments containing objectionable language and derogatory views. We do not allow content that is unrelated to the subject, and we remove discriminatory and racist comments as well as spam and advertising.
Note that content on this page contains general information regarding CGI’s services and initiatives and should not be considered direct business advice. To engage in a discussion with one of our experts, please make a request through https://www.cgi.com/en/contact-us
About the role
MissionsThe candidate will report to an experienced testing manager and will be responsible for leading reviews as part of the Annual Control Plan focused specifically on Information Technology, Infosec and Cyber risks.
The candidate will be responsible to:- Conduct business process and control walkthroughs and gather information to understand the context, risks and intended control operation to be tested.- Scope, plan and execute technology and compliance control audits with the following focus areas:Design and execute tests to validate application system controls, which may require data analysis, code inspection and re-performance of system processes.Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.Validate that system features meet business, technology and regulatory requirements.- Identify issues through testing, ensuring that appropriate action plans are being developed by the business to correct the deficiencies noted.- Discuss results and findings with relevant stakeholders including the business or function being tested.- Document review work and develop final testing reports to document and formally communicate testing results to stakeholders.- Validate that the business has completed the agreed-upon action plans by the due date.- Maintain regular engagement and provide feedback to key stakeholders within Compliance, Risk and Business units.- Assist the audit manager with development of the annual risk-based Testing Plan.
ProfileCompetencies- Understand and apply audit methodology and various techniques to perform controls-based audits.- Apply knowledge and experience in auditing general and application controls across a variety of technologies and platforms using IS industry standards and best practices.- Apply a broad and comprehensive understanding of high-risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, intrusion detection and prevention systems, and insider threat.- Audit non-technical areas including IT governance, project management and systems development.- Audit experience covering cloud-based infrastructure is a plus, but not required.- Synthesize data and observations into findings and effectively present and communicate conclusions in writing and orally.- Analyze complex sets of data using Excel, Access, VBA and other advanced scripting and analytical tools that help operate and visualize data.- Understand Investment Banking and Broker-Dealer related risks and regulations.- Apply strong analytical, problem-solving and organizational skills; handle multiple, simultaneous, and ad-hoc requests.- Exercise strong attention to detail; ability to work independently; prioritize and work in a dynamic, deadline-focused environment.- Work collaboratively within a complex organization, across multiple cultures, geographies and disciplines; strong interpersonal and written/verbal communication skills.
Technical Skills & Knowledge- Experience and application of industry-standard technology frameworks and regulations such as NIST, FFIEC, ISO, GDPR, NYSDFS, FISMA, etc.- Experience with various data analytics and data management tools:Scripting tools: Python, VBARelational data tools: T-SQL, PL/SQLData visualization tools: PowerBI, Microstrategy, Spotfire- Expertise with Microsoft Word, Excel and PowerPoint- Excellent writing skills- Securities licenses a plusPrior Work Experience- 7–11 years of working experience within the Financial Services industry or equivalent environment- 3–5 years performing audits of systems, physical, logical, or cybersecurity in a technical environment using generally accepted auditing standards consistent with internal control frameworks- General knowledge of applicable regulatory requirements and expectations related to investment banking and broker-dealer activities- AML experience a plusQualifications (Experience, Education, Languages)- B.A./B.S. in Computer Science, Information Security, Engineering or equivalent discipline- Relevant IT audit certifications are a plus, such as:Certified Information Systems Auditor (CISA)Certified Information System Security Professional (CISSP)Certified Public Accountant (CPA)Certified Internal Auditor (CIA)
LANGUAGEAbility to communicate in English, both orally and in writing, is a requirement as the person in this position will need to collaborate regularly with colleagues and partners in the United States.
- English language proficiency; French speaking a plus
Your future duties and responsibilities
Required qualifications to be successful in this role
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.
To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our team—one of the largest IT and business consulting services firms in the world.
About CGI
Insights you can act on to achieve trusted outcomes.
We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across 21 industry sectors and 400 locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are informed globally and delivered locally.
We value your opinions and welcome your comments and questions on our posts here on LinkedIn. Please keep a polite, professional and constructive tone. We remove comments containing objectionable language and derogatory views. We do not allow content that is unrelated to the subject, and we remove discriminatory and racist comments as well as spam and advertising.
Note that content on this page contains general information regarding CGI’s services and initiatives and should not be considered direct business advice. To engage in a discussion with one of our experts, please make a request through https://www.cgi.com/en/contact-us