Sr. Manager – Information Security Assurance // Remote Work

Job Category: Sr. Manager - Information Security Assurance
Job Type: Full Time
Job Location: remote


The scope of this position focuses on Cybersecurity Oversight and Governance for Cognizant. Cognizant requires an ISA Sr. Manager to execute the security governance, risk, and compliance program for the Healthcare business unit. The ISA Sr. Manager will provide operational support as an individual contributor within the Corporate Security organization. Additional activities include supporting strategic and technical initiatives, performing Operational Risk Assessments, managing Risk Acceptance activities, developing the annual risk posture and remediation recommendation report, and completion verification reviews of security projects and initiatives. Candidates will have a proven ability to infuse innovation and creativity into tactical activity with a focus on exceptional customer service.

Key Responsibilities include:

  • Contribute to, and improve, the operations of Security Risk Management by identifying and managing the treatment of risks to Cognizant and client information
  • Contribute towards the execution of policies, standards and procedures set by enterprise standards and account-specific standards as they apply to security governance, risk, and compliance requirements
  • Perform security risk assessment activities, including third party evaluation and management, and related analysis, including ongoing compliance monitoring in coordination with governance lead and external team members
  • Plan and support the execution of risk mitigation actions established as a result of risk assessments and related analysis
  • Contribute to the production and improvement of the content, quality, and timing of security governance, risk and compliance analysis and reporting
  • Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of protected information (PHI, PII, PI, IP)
  • Develop project plans, estimations, specifications, flowcharts, and presentations
  • Perform tasks as set forth by the Information Risk Management Head
  • Contribute to regular project reviews and accurately communicate the status of projects in both formal and informal settings throughout the project lifecycle
  • Contribute towards the execution of activities including the identification of compliance gaps, the development of remediation plans, documentation, monitoring compliance status, and ultimately provide attestation of compliance
  • Contribute towards the execution of security compliance reviews of master service agreements and advise business team regarding gaps and corresponding mitigation requirements
  • Meet with clients to review contracts, provide security overview for assurance, manage incident updates, and support business opportunities
  • Contribute to the design and implementation of technical security safeguard architecture
  • Work with infrastructure teams to execute the vulnerability management program
  • Work closely with infrastructure and application owners to validate secure coding best practices
  • Validate, support, and improve the Application Security program, the static and dynamic scanning infrastructure, and execute governance assessments
  • Support the assurance that developers have the required infrastructure, security tools, and training to ensure secure code development
  • Identify the source of a security breach quickly and move toward containment, and be able to manage multiple projects on a daily basis
  • Will operate in a close team of computer digital forensic, fraud, and other IT investigative experts
  • Build rapport, credibility, and cohesion across all business unit teams and IT teams in the course of managing the projects
  • Document and track all incidents to meet audit, compliance, and legal requirements
  • Conduct root cause analysis to identify gaps and recommendations, ultimately remediating risks to the firm
  • Periodically report progress to management, and assess and measure results related to Information Security activities
  • Other duties as assigned

Cognizant US Corporation is an Equal Opportunity Employer Minority/Female/Disability/Veteran. If you require accessibility assistance applying for open positions in the US, please send an email with your request to


Candidate must possess the following:

  • The candidate should have a Bachelor’s degree in Information Systems Risk Management, Computer Science, or related field; equivalent experience may be considered
  • 7-10 years of experience with a thorough understanding of information security principles and practices
  • 3-5 years of previous client facing and advisory experience required. Big 4 IT risk management consulting experience a plus
  • 3-5 years of experience in a Cyber Security or Risk Advisory role for regulated environments
  • Be pro-active and self-motivated
  • Be inspirational, enthusiastic and a promoter of information security
  • Must be reliable and adaptable
  • Exude confidence and professionalism
  • Excellent written and verbal communication and organizational skills
  • Outstanding work ethic
  • Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources
  • Experience with working on global teams across time zones, cultures and languages
  • Demonstrable strong leadership skills
  • Ability to think strategically, work with a sense of urgency and pay attention to detail
  • Ability to present complex solutions and methods to a general community
  • Independent thinking, willingness to “step outside the box” and take reasonable, calculated risks
  • Have experience performing Information security risk management tasks within a large organization
  • Proficiency and experience in the execution of dynamic controls frameworks and regulatory standards to include but not limited to ISO, COBIT, NIST, HIPAA, GCP, GLP, GMP (GxP), PCI, HITRUST, and other relevant industry regulations, standards, and guidelines
  • Proficiency, and experience, devising and using information security risk management tools and related methodologies to include GRC tools and applications
  • Ability to create professional documents using Excel, PowerPoint, Word, and other common industry recognized tools
  • Strong intellect and analytical skills
  • Be familiar with current good security practices gleaned from sources such as ISO and NIST plus applicable laws and regulations
  • Security certifications desired such as HCISPP, CHPS, CISA, CISSP, CISM, and CRISC

If interested, please apply at Sr. Manager – Information Security Assurance (
