Security Compliance Analyst - U.S. Citizenship Required

• Support ISSO team activities related to continuous monitoring and ongoing security compliance

• Conduct security control assessments in alignment with NIST RMF (SP 800-53, 800-37) and federal security requirements

• Support the development and execution of security impact assessments to evaluate system changes and their effect on system risk posture

• Assist with maintaining and updating system security documentation, including SSPs, POA&Ms, and security control evidence

• Perform routine security reviews, vulnerability tracking, and control assessments

• Help evaluate system categorization and control selection in alignment with FIPS 199 and NIST RMF guidelines

• Coordinate with technical teams to gather security evidence and ensure continuous monitoring requirements are met

• Track and report on security risks, remediation progress, and compliance status

• Support preparation for audits, assessments, and internal security reviews

• Participate in the system lifecycle process by integrating NIST 800-37 Risk Management Framework (RMF) activities into appropriate phases

• Conduct risk and vulnerability assessments related to system architecture changes

• Due to the nature of the government contract and clearance requirements, U.S. citizenship is required, as well as successful completion of a CGI background check before beginning work. * * In addition, candidates must be able to obtain and maintain a DHS CISA EOD/Public Trust clearance

• Bachelor's degree and up to five years of experience supporting cybersecurity teams for enterprise cybersecurity shared services programs or cloud programs

• Experience with continuous monitoring for moderate- and high-impact systems

• Working knowledge of the following NIST Special Publications 800-series (listed in priority):

800-37 (Risk Management Framework)

800-53 (Security & Privacy Controls)

800-18 (System Security Plans)

800-30 (Risk Assessment)

800-137 (Continuous Monitoring)

• Knowledge of Federal Information Processing Standards (FIPS), especially FIPS 199 (Security Categorization)

• If no NIST experience, working knowledge of the DoD Information Technology Security Certification and Accreditation Process (DITSCAP) or DoD Information Assurance policy 8500.1 and the RMF

• If no NIST or DITSCAP experience, working knowledge of NSA Information Assurance processes

• Understanding of IT security principles, concepts, policies, and regulations

• Ability to effectively document security controls

• Proficiency with Microsoft Word, Excel, and Microsoft Project

Desired qualifications:

• Prior experience supporting an ISSO or security compliance team

• Experience with continuous monitoring and cATO activities

• Familiarity with security tools such as vulnerability scanners, SIEM platforms, or configuration management solutions

• Exposure to cloud environments (AWS, Azure, or GCP) and related security requirements

• Understanding of FedRAMP, FISMA, or agency-specific compliance frameworks

• Technical background supporting interpretation of control implementations or system architecture

• Experience with CISA's Continuous Diagnostics and Mitigation (CDM) program, * English

CGI is required by law in some jurisdictions to include a reasonable estimate of the compensation range for this role. The determination of this range includes various factors not limited to skill set, level, experience, relevant training, and licensure and certifications. To support the ability to reward for merit-based performance, CGI typically does not hire individuals at or near the top of the range for their role. Compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for this role in the U.S. is $79,600.00 - $194,000.00.

CGI Federal's benefits are offered to eligible professionals on their first day of employment to include:

• Competitive compensation

• Comprehensive insurance options

• Matching contributions through the 401(k) plan and the share purchase plan

• Paid time off for vacation, holidays and sick time

• Paid parental leave

• Learning opportunities and tuition assistance

• Wellness and well-being programs

#CGIFederalJob

CGI is one of the top five largest global IT companies, operating across 40 countries and offering endless opportunities to grow and advance. As a CGI Federal member, you have the opportunity to become a shareholder and join a family of 90,000 partners strong. CGI Federal is hiring a Security Compliance Analyst to support a skilled and motivated team of ISSOs on a high-visibility program. You will support a dynamic, fast-paced project focused on improving the cybersecurity posture of civilian government agencies through the implementation and enhancement of a cybersecurity platform and the delivery of integration services. You will also assist in developing additional cybersecurity offerings focused on next-generation security solutions and technologies. The successful candidate is a motivated, self-starting individual who works effectively in a dynamic environment. This is an excellent opportunity with room for growth both within the program and across CGI Federal. This position is located in one of CGI Federal's offices in Fairfax, VA or Lafayette, LA; however, a hybrid working model is acceptable. You will be required to work in a CGI Federal office two days per week., Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.