Business Information Security (BIS) is a global team responsible for ensuring that all security risks pertaining to business delivery and Client engagements are managed end to end. The team engages frequently with business leaders to identify, analyse and mitigate security risks. The team is also the primary touch point between the Corporate Security Group and Business teams, while supporting the business on Client security requirements and compliance.
We are currently looking for an Information Security Senior Associate. The role will be part of the Corporate Security Group and will facilitate security requirements for Cognizant UKI clients (based in Ireland).
Responsibilities
* Support security and compliance risks in service delivery for key verticals and communicate with Business teams to understand all critical security requirements and risk scenarios.
* Engage in risk program for the key accounts: define control framework; identify and evaluate risks; understand business context and prepare reports and recommendations.
* Coordinate with Incident team during incidents and support investigation of security breaches.
* Perform annual Security Risk assessments and conduct related ongoing compliance monitoring activities in coordination with Privacy Officer and Legal Team members.
* Representation in external audits (such as ISO 27001, Cyber Essentials, PCI DSS, SPC) and coordination with auditors: plan out audit schedule and charter for corporate functions and coordinate with all internal stakeholders towards preparation.
* Identification of compliance gaps, development of remediation plans, audit/certification, documentation, monitoring compliance status, and ultimate attestation of compliance.
* Assess, prepare and ensure all IT systems, policies and procedures fully comply with Cognizant ISO 27001 SoA, security laws, rules and regulations.
* Engage with different stakeholders: external auditors, customer visitors, business leaders and corporate teams, such as HR, legal, IT, etc.
* Conduct reviews to assess the service delivery control environment and evaluate adherence to client identified contractual requirements, Cognizant policies and standards.
* Support business team during deal pursuit.
Requirements
* Educated to at least a Bachelor's degree in Security, Computer Science or relevant field.
* Proven experience in information security and risk management field, especially with Technology Risk Management / IT Audit in Enterprise organisations.
* Understanding of cloud security controls with multiple Cloud service providers such as: AWS, Google Cloud, Azure.
* Experience in GDPR and compliance audits (such as PCI DSS, SOC).
* Relevant certifications such as ISO 27001 LA/LI, CCSK, CIPP/E, CISA or CISM etc.
* Conducting attestation audits such as SOC 1, SOC 2 (Type I and II) audits.
* Strong experience in understanding and deploying risk management and security frameworks such as NIST, CSF and ISO.
* In-depth understanding of network and system security technology and practices across all major computing areas (Network, firewalls, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology.
* Understanding of DLP and eDiscovery tools as well as mapping Data Flows and processes.
* Stakeholder engagement skills.
* Ability to present complex solutions and methods to a general community.
* Excellent written, verbal communication and organisational skills.
Please apply online.