Cybersecurity Assurance

Cognizant Romania is home to 2400+ creative technologists and is one of Eastern Europe's largest Software Product Engineering delivery networks. We serve global clients in several industries, including Banking & Financial Services, Insurance, Healthcare & Life Sciences, Communication Media & Technology, and Retail & MLEU (manufacturing, logistics, energy & utilities).

Cognizant Romania was established in 2018 when Cognizant acquired Softvision, a company founded in the late 1990s in Cluj-Napoca, Romania. We continue to build on our history as the preferred engineering partner for thriving Silicon Valley tech companies, now as a prominent Cognizant next generation studio.

We are looking for exceptional Senior Information Risk Consultant (Cybersecurity Assurance) will provide expertise with definition, design, engineering, and validation of security configuration of technology platforms in the cloud and on-premise.

Specific responsibilities include:

1. Senior individual contributor to provide cybersecurity assurance expertise for a broad range of IT initiatives. This includes but is not limited to defining, guiding the engineering and validating implementation of technology agnostic security control standards, technology-specific configuration baselines and implementation guidelines for technology platforms (both cloud and on-prem) and services.
2. Maintain impartiality around IT systems to produce unbiased reports on information security risk.
3. Conducts quality assurance reviews of security requirements and audit recommendations for the implementation of identified solutions.
4. Effectively communicates requirements and educates stakeholders in IT divisions on appropriate security design and technical configuration of related controls on IT platforms throughout their lifecycle,
5. Works closely with IT project teams to develop implementation plans for new security-related products and services.
6. As an advocate of information security, works closely and proactively with IT stakeholders, service providers, and business units to provide security-related technical solutions. Identifies opportunities to improve business practices or IT security-related processes.
7. Prioritizes, monitors, and assesses compliance and audit recommendation results to ensure they are comprehensive, robust, and of high quality.
8. Support the information security assurance manager in maintaining ISO 27001 certification by promoting self-compliance to policies and standards by IT staff and managers. Keeps abreast of international information security codes of practice such as ISO 27001/27002, information security and privacy regulations and how these measures could affect information assets owned by, or administered.
9. Analyzes, recommends, and implements process improvements within the context of information security.

Experience should include:

1. Prior work in a technical security assurance/engineering function at organizations with security related regulatory requirements.
2. Technical security working experience with a broad range of Azure services.
3. Advanced working knowledge of:

• Azure Cloud and Microsoft 365 security controls, solutions, and future roadmaps.
• Microsoft Entra, Azure Key Vault, Microsoft Defender for Cloud/O365, Azure monitor, Azure API Management, Azure Network Security, Azure Policy, Microsoft Defender External Attack Surface Management and Azure Kubernetes Service.
• Security configuration of Microsoft Purview to ensure principle of least privileged for complex use-cases is a significant plus.

4.Demonstrated cybersecurity expertise with infrastructure, applications, and database system technologies.

5.Hands -on security configuration of platforms (cloud and non-cloud).

6.Basic IT consultancy skills. Ability to consult and deliver on the security hardening of application and infrastructure components, including tools, and techniques to ensure the security of application, database, and infrastructure components.

7.Pragmatic security expert with an inherent ability to balance security demands with business reality. Ability to quickly grasp how new technologies work and how security controls should be applied to achieve business goals.

8.Knowledge of security solutions, latest threats, and countermeasures.

Education

• Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 12 years of relevant experience in regulated industries working as an information risk manager or IT security architect; OR
• Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 6 years of relevant experience in regulated industries working as an information risk manager or IT security architect.

Certifications: (Minimum plus at least 2 preferred)

• CISSP or CISM (minimum required)
• CCSP (preferred)
• Microsoft Certified: Cybersecurity Architect Expert (preferred)
• Microsoft Certified: Azure Solutions Architect Expert (preferred)
• Other Microsoft cloud security related certifications at the Expert level (preferred)
• GIAC certifications (preferred)
• Offensive security related certifications (preferred)

Cognizant Romania Employee Benefits:

• Flexible Work Schedule - Outside of main work hours, you can create a schedule that suits your needs
• Hybrid workplace - Whether you like to work from home or go to the office, the choice is yours
• Annual Vacation Days - 26 days to relax, explore and spend time with loved ones
• Trainings, workshops, and certifications, unlimited Udemy subscription and more
• Private medical package
• Meal tickets
• Referral bonuses
• Life insurance
• Banking services
• Bookster
• EAP program - wellbeing programs

Please note that only suitable candidates will be contacted and that by applying to this role you are being informed about your personal data being processed by Cognizant.

You can find more details here: https://www.cognizant.com/us/en/privacy-notice