Manager, Information Risk Management-Corporate Security (100% Remote)

Information Risk Management (IRM) program encompasses a global team that is responsible for ensuring all security risks pertaining to corporate/support functions are managed end to end. The team is a corporate facing team and engages on a frequent basis with corporate functional leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the Corporate Security Groups and other corporate functions, while supporting the organizational security requirements and compliance.

Responsibilities:

We are seeking a Manager – Corporate Security – IRM, to be part of Corporate Security Group, and play a key role in the overall management of a Cognizant-wide Information Risk Management practice for the Corporate Functions.

• Contribute towards the execution of policies, standards and procedures specific set by enterprise standards and account specific standards as they apply to Security Governance, Risk, and Compliance requirements from organizational perspective.

• Shall serve as the subject matter expert within corporate functions for risk management and related activities, as well as for all security matters

• Perform periodic Security Risk assessments and conduct related ongoing compliance monitoring activities with corporate standards as well as measure alignment with NIST and ISO27001, etc.

• Review security exceptions for the specific corporate function and identify risks

• Conduct risk assessments for all service lines of each corporate functions and advise the corporate leadership on risk mitigation

• Monitor the risk mitigation plans and help bring open risk to closure

• Work with internal and external auditors for any third party assessments on corporate functions

• Provide periodic updates to the management on compliance efforts

• Develop and monitor security metrics for corporate functions

• Demonstrates proven expertise and success managing project work streams in system security, cyber security controls or information security management environment, specifically on the following information security domains:

  • Security Architecture and Strategy (Integrated Risk Management)

  • Identity & Access Management

  • Data Leakage Prevention; Focus on Data Flow, Encryption

  • Large Complex Program Execution/Implementation

  • Security Function Design and Governance

  • Incident Management

  • Security Infrastructure

  • Cloud Security