This job is now closed
Job Description
- Req#: 00059280821
Cognizant’s Corporate Security team is chartered with managing and directing the global enterprise physical and information security programs. The team is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible for helping the business appropriately manage security risks.
Coordination and collaboration of IT groups, Information Security teams, business units, and client delivery teams.
Responsibilities:
Security Governance
· Drive and implement security Governance, Risk and Compliance (GRC) for our wide variety of client delivery engagements within the region, including banking, insurance, mining, telco and public sectors.
· Engage in driving compliance against Business Information Security (BIS) and Corporate Security policies/standards.
· Observe and apply regional and international cyber security and privacy laws, frameworks and standards such as ISO 27001, NIST-CSF, GDPR, Japan APPI, BAC, TBA.
· Work with the internal stakeholders such as Delivery Leaders, Business Information Security Officers (BISO) and affiliated Centre of Excellence (CoE) leaders to ensure organisational practices align with business objectives, compliance to standards and evolving threat landscape.
Security Risk and Control Management
· Engage with a variety of stakeholders (business leaders, auditors, customer security officers, legal, HR, and IT teams) to understand security requirements and risk scenarios.
· Apply end-to-end risk management principles guided by business context and risk appetite. Identify, assess and respond to risks.
· Develop a security management and data protection plan for key accounts: identify assets and threat vectors, and define mitigations and a control framework.
· Conduct periodic risk and control assessments of our adherence to obligations and security management plan. Provide implementation plans to close gaps.
Security Operations and Program Management
· Conduct third-party or client audit or security assessment activities such as ISO 27001, SOC report and PCI-DSS. Plan audit scope and schedule, and coordinate with various corporate functions to collect/produce evidence.
· Assist the delivery team in reviewing Technical Solution Designs to apply Secure-by-Design and Secure SDLC processes, ensuring IT products and services are foundationally secure in accordance with risk appetite.
· Coordinate corporate incident management response and support investigations within a strict timeframe. Liaise with customers and external parties.
· Develop Security Training and Awareness materials, and conduct or facilitate awareness sessions.
· ISO 27001 Lead Auditor / ISO 27001 Lead Implementer
Requirements:
· Must have a Bachelor’s degree or above in a related field or equivalent experience
· Prefer relevant security certifications such as CISA, CISSP, CRISC or equivalent
· Must have experience in Information Security functions - Strong experience in understanding and deploying risk management and security
· 5-7 years of Cyber Security experience - Minimum of security experience preferably within a large global organization
· Proven experience in information security and risk management field, especially with Technology Risk Management / IT Audit in Enterprise organizations
· Required: prior experience in attaining certifications or attestations such as ISO 27001, SOC report, PCI, etc. Experience with ISO 27001 Information Security Management System, risk assessments, evaluation of results/findings, contract review of security obligations, and IT GRC tools
· Preferred: Security and Privacy certifications such as CIPP/E, CISA, CISSP, CISM, CRISC, CCSK, CIPT, etc.
· Prefer experience in Information Security GRC compliance - Strong knowledge of IT GRC, ISO 27001, Privacy and other standards/audits/regulations like PCI DSS, HIPAA, SSAE 18 / ISAE 3402, SOC2, etc.
· Understanding of network and system security technology and practices across all major computing areas (network, firewalls, client/server, PC/LAN, telephony) with a special emphasis on Internet-related technology.
· Prefer experience in Project/Program Leadership and Management
Personal Characteristics:
· Ability to think strategically; work with a sense of urgency and pay attention to detail
· Ability to present complex solutions and methods to a general community
· Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks
· Excellent written and verbal communication and organizational skills in English and Norwegian
· Strong collaboration skills and willingness to be a team player to solve problems and incorporate input from various sources
About the company
Cognizant is a multinational technology company that provides business consulting, information technology and outsourcing services.