Position Overview
The Vulnerability Manager will lead the IT Infrastructure Cybersecurity Operations team, overseeing the enterprise-wide vulnerability remediation program for the organization's infrastructure environment. This role bridges the Information Security team and IT Infrastructure platform teams, ensuring timely remediation of vulnerabilities across servers, networks, databases, and virtualization infrastructure while maintaining executive visibility through regular reporting.
Key Responsibilities
Infrastructure Vulnerability Remediation Management
-Lead remediation efforts for vulnerabilities across IT Infrastructure domains.
-Track vulnerabilities from Tenable, penetration testing, security assessments, and threat intelligence feeds.
-Monitor remediation progress against established SLA deadlines.
-Engage proactively with Infrastructure, Network, Database, and Virtualization teams to ensure timely closure.
-Maintain comprehensive dashboards and metrics on vulnerability remediation status.
Stakeholder Management & Reporting
-Present monthly vulnerability management reports to IT Infrastructure leadership and the CISO office.
-Provide executive insights on remediation trends, infrastructure risk exposure, and program effectiveness.
-Escalate critical infrastructure vulnerabilities to executive technology leadership and risk management stakeholders.
Technical Guidance & Infrastructure Support
-Provide expert guidance on remediation strategies, patching approaches, and configuration hardening.
-Troubleshoot complex remediation scenarios involving legacy systems, business-critical infrastructure, or technical dependencies.
-Recommend best practices for infrastructure vulnerability mitigation aligned with industry security standards.
-Advise on patch management strategies balancing security requirements with infrastructure stability.
Risk Acceptance & Control Validation
-Review and validate risk acceptance requests when immediate remediation is not feasible due to business criticality, legacy constraints, vendor limitations, or complex dependencies.
-Assess adequacy of proposed compensating controls (network segmentation, access controls, monitoring).
-Guide teams in developing robust compensating controls that effectively reduce risk exposure.
-Ensure risk acceptance documentation meets internal governance, regulatory, and compliance requirements.
Program Leadership & Governance
-Drive continuous improvement of the infrastructure vulnerability management program.
-Develop and maintain vulnerability management policies, procedures, and workflows aligned with organizational IT governance.
-Foster collaboration between Information Security and IT Infrastructure teams.
-Support regulatory examinations and audits related to infrastructure security.
Required Qualifications
-Bachelor's degree in Computer Science, Information Technology, Information Security, or related field.
-7+ years of experience in IT infrastructure security, cybersecurity operations, or vulnerability management within banking or financial services.
-3+ years in a leadership or management role.
-Strong understanding of vulnerability assessment tools (Tenable/Nessus) and infrastructure scanning methodologies.
-Experience with risk management frameworks and control validation in regulated environments.
-Proven ability to communicate technical infrastructure security concepts to executive audiences.
-Understanding of regulatory requirements and IT risk management in financial institutions.
Preferred Qualifications
-Relevant certifications: CISSP, CISM, or similar.
-Experience with vulnerability management platforms and ITSM systems (ServiceNow).
-Background in both information security and IT infrastructure operations.
-Experience working in large, complex enterprise IT environments.
-English (mandatory), French language skills (preferred).
Key Competencies
-Strong analytical and problem-solving skills with infrastructure focus.
-Excellent communication and presentation abilities in English.
-Proactive and results-oriented mindset with ability to work under regulatory pressure.
-Ability to influence infrastructure teams without direct authority.
-Strategic thinking with attention to operational detail and business impact.
-Stakeholder management and negotiation skills across technical and business functions.
-Ability to balance security requirements with business continuity and operational resilience.
-Working from home on a voluntary basis for up to 2 days per week after 3 months of joining.
-Collaboration with global IT Infrastructure and Security teams.
-Exposure to senior IT and Risk leadership.
CGI provides a reasonable estimate of the salary range for this position. This range is determined based on various factors, including skill level, geographic market, experience, education, as well as professional licenses and certifications. Compensation decisions are made on a case-by-case basis. A reasonable estimate for the salary range of this position is between $60,000 and $115,000. This position is currently open.
Bilingualism (French and English) is required for this position due to the nature of the role requiring interaction with national and global clients.
Together, as owners, let’s turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.
Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
At CGI, we value the strength that diversity brings and are committed to fostering a workplace where everyone belongs. We collaborate with our clients to build more inclusive communities and empower all CGI partners to thrive. As an equal-opportunity employer, being able to perform your best during the recruitment process is important to us. If you require an accommodation, please inform your recruiter.
To learn more about accessibility at CGI, contact us via email. Please note that this email is strictly for accessibility requests and cannot be used for application status inquiries.
Come join our team—one of the largest IT and business consulting services firms in the world.