Corporate Security - Governance Risk Compliance
We continuously seek extraordinary associates when recruiting new employees. We pride ourselves on having extensive experience working with clients in all major markets. Cognizant's delivery model is infused with a distinct culture of high customer happiness. We consistently deliver positive relationships, cost reductions and business results. At Cognizant, we believe those who challenge the way they work today will be responsible for the way tomorrow.
Are you ready to be a change-maker? Do you love the challenge of bringing teams together to pursue business problems? Do you dream of working with a dynamic learning community that offers the latest knowledge in Corporate Security? Do you want to see yourself working for a highly respected Fortune 200 company with an established reputation in the Corporate Security space?
Information Risk Management (IRM) is a global team responsible for ensuring all security risks pertaining to business delivery and Client engagements are led end to end. The team engages on a frequent basis with business leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the Corporate Security Group and Business teams, while supporting the business on Client security requirements and compliance.
The Senior Manager, Corporate Security - GRC supports strategic and technical initiatives, including performing Operational Risk Assessments, handling Risk Acceptance activities, developing the annual risk posture and remediation recommendation report, and completing verification reviews of security projects and initiatives. The Senior Manager, Corporate Security - GRC will report directly to the Associate Director, Corporate Security - GRC.
Key Responsibilities include:
* Run the Cyber Security risk assessment program for the Cognizant Life Sciences team, managing the program and providing solutions across development, implementation, maintenance, and solution architecture.
* Lead risk assessment activities coordinating with the security team, Senior Leadership, vendors, and contractors.
* Serve as a senior advisor in the development, implementation, and maintenance of a company-wide information security policy and control framework.
* Provide process improvement support in the functional area of Governance, Risk and Compliance.
* Provide periodic analysis of corporate risk position, based on analysis of current controls status and current cyber threat landscape.
* Maintain the corporate risk register.
* Assist in the development, configuration, and implementation of GRC toolsets.
* Collect evidence of project completions and maintain program records.
* Monitor developments in the information security industry including vendor strategies and communicate on the potential impact on or applicability to the organization.
* Promote security culture and drive continuous security improvements. Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning groups and the review of new systems, installations, and other major changes.
* Provide advice and assistance to the internal team and external entities (subcontractors, contractors and vendors) concerning the security of information and critical data processing capabilities.
* Interpret HIPAA / HITRUST controls and properly apply the specifications across the operational responsibilities to help build cost-effective, scalable security controls and infrastructure to sustain certification levels across the enterprise.
* Inspire new ways of thinking and performing activities while creating a team environment where members accept change and adopt new practices.
* Establish rapport, credibility, and cohesion across all business unit teams and IT teams in the course of managing the projects.
* Engage and participate with cross-functional independent representations of management to ensure appropriate oversight and governance of the security program.
* Ensure that assessment functions periodically review key programs related to information protection to obtain independent assessments of the security program's effectiveness.
* Periodically report progress to management, and assess and measure results related to Information Security activities.
* Other duties as assigned.
Qualifications:
* 7-10 years of combined experience between IT Security Governance and various Cyber Security disciplines.
* 3-5 years of previous client-facing and advisory experience required. Big4 IT risk management consulting experience a plus.
* 3-5 years of experience in a Cyber Security or Risk Advisory role for regulated environments.
* In-depth knowledge of at least two of the following: HIPAA regulatory requirements, ISO27001 and ISO27002, NIST 800-53, HITRUST/NIST CSF (other regulatory experience may be considered).
* Bachelor's Degree in Computer Science, Engineering or related field required.
* CISA, CISSP, CRISC, or other relevant information security industry recognized certification required.
Cognizant is a provider of information technology, consulting, and business process outsourcing services.