Risk Management Cognizant
Teaneck, NJ

Job Description

We continuously seek extraordinary associates when recruiting newemployees. We pride ourselves on having extensive experience working withclients in all major markets. Cognizant's delivery model is infused with adistinct culture of high customer happiness. We consistently deliver positiverelationships, cost reductions and business results.

At Cognizant, we believe those who challenge the way they work today willlead the way tomorrow. Are you ready to be a change-maker? Do you love thechallenge of bringing teams together to tackle business problems? Do you dreamof working with a dynamic learning community that offers the latest knowledgein Risk Management? If you answered yes to these questions, have you thoughtabout becoming part of Cognizant's Corporate Security team?

We are currently seeking highly skilled Manager, in our Corporate SecurityInformation Risk Management team with experience in projects with in theHealthcare sector. We are seeking out the best problem-solvers, idea-makers,and high-energy Cyberseurity professionals for our fast-growing practice area.We need people with good instincts and a positive outlook that can overcome anyobstacle.

Manager, Corporate Security Information Risk Management / (GRC) and Audit /Attestation

Cognizant is seeking a Manager, Corporate Security Information RiskManagement (IRM). This positions scope is focused on the CybersecurityOversight and Governance for Cognizant Healthcare (CHC). CHC solutions reach250,000 care providers, streamline processes for more than 350 payers and touchover half the U.S. insured population. Cognizant requires a Manager, CorporateSecurity - GRC to help execute the Security Program. The Manager, CorporateSecurity - GRC supports strategic and technical initiatives, includingperformance of Operational Risk Assessments, leading Risk Acceptanceactivities, developing annual risk posture and remediation recommendationreport, and completion verification reviews of security projects andinitiatives. The Manager, Corporate Security - GRC will report directly to aSenior Manager, Corporate Security IRM/GRC.

Key Responsibilities include:

* Be responsible for the Cyber Security risk assessment program for Cognizant Healthcare, running the program providing solutions from; development, implementation, maintenance, and solution architecture
* Run risk assessment activities coordinating with the security team, Senior Leadership, vendors, and contractors
* Serve as an advisor in the development, implementation, and maintenance of a company-wide information security policy and control framework
* Provide process improvement support in the functional area of Governance, Risk and Compliance
* Provide periodic analysis of corporate risk position, based on analysis of current controls status and current cyber threat landscape
* Assist with items to be added/maintained in the corporate risk register
* Assist in the development, configuration, and implementation of GRC toolsets
* Collect evidence of project completions and maintain program records.
* Monitor developments in the information security industry including vendor strategies and communicate on the potential impact on or applicability to the organization
* Promote security culture and drive continuous security improvements. Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning groups and the review of new systems, installations, and other major changes
* Provide advice and assistance to internal team and external entities concerning the security of information and critical data processing capabilities
* Interpret HIPAA / HITRUST controls and properly apply the specifications across the operational responsibilities to help build cost-effective, scalable security controls and infrastructure to sustain certification levels across the enterprise
* Inspire new ways of thinking and performing activities while creating a team environment where members accept change and adopt new practices
* Establish trust, credibility, and cohesion across all business unit teams and IT teams in the course of handling the projects
* Engages with and participates with multi-functional independent representations of management to ensure appropriate oversight and governance of the security program
* Ensures that assessment functions periodically review key programs related to information protection to obtain independent assessments of the security program effectiveness
* Periodically reports progress to management, and assesses and measures results related to Information Security activities
* Management and mentoring of direct reports as applicable
* Handle third-party attestation efforts and provide engagement thought leadership to internal and external partners
* Other duties as assigned

Required Knowledge and Skills:

* You will have 5-8 years of combined experience between IT Security Governance and various Cyber Security disciplines
* Your client facing/advisory experience is 2-4 years of previous client. With Big4 IT risk management consulting experience a plus
* You would possess 3-5 years of experience in a Cyber Security or Risk Advisory role for regulated environments
* You have 3-5 experience with SSAE 16/18 reporting on controls at Service Organizations, SOC 2, and PCI level 2 compliance.
* You'd possess in depth knowledge in at least two of the following: HIPAA regulatory requirements, ISO27001 and ISO27002, NIST 800-53, HITRUST/NIST CSF (other regulatory experience may be considered)
* You'd have a Bachelor's Degree in Computer Science, Engineering or related field required.
* Your certifications will include CISA, CISSP, CRISC, or other relevant information security industry recognized
* You're strong in oral communication, business writing, presentation, and facilitation skills