Cognizant

Senior Information Risk Consultant (Cyber risk management)

Cognizant
Romania · Full-time · Mid-Senior

Cognizant Romania is home to 2400+ creative technologists and is one of Eastern Europe's largest Software Product Engineering delivery networks. We serve global clients in several industries, including Banking & Financial Services, Insurance, Healthcare & Life Sciences, Communication Media & Technology, and Retail & MLEU (manufacturing, logistics, energy & utilities).

Cognizant Romania was established in 2018 when Cognizant acquired Softvision, a company founded in the late 1990s in Cluj-Napoca, Romania. We continue to build on our history as the preferred engineering partner for thriving Silicon Valley tech companies, now as a prominent Cognizant next generation studio.


We are looking for an exceptional Senior Information Risk Consultant (Cyber risk management) who will provide expertise in security risk management and assessment of:

  • Azure cloud services (including but not limited to capabilities for IAM, Network Security, Policy Management, Key Management, etc.)
  • IT Products, platforms, and services (cloud and non-cloud)
  • Solutions with complex hybrid architectures
  • Identity and Access Management Governance




Specific responsibilities include:

  1. Senior individual contributor for information security risk management projects. Sample projects/programs could include but are not limited to:
  • Control design and assessment for high-demand technical areas such as ERP, IT Service Management, Identity and Access Management, IT Resiliency, Cloud, etc.
  • Compliance framework mapping and implementation
  • Risk remediation management
  • Information Security risk reporting and monitoring
  • Creation of roadmaps to mature or advance Information Security Strategies/Programs/Controls
  • Design and enablement of cyber controls functions and processes
  • Direct experience as a power user of Cybersecurity GRC solutions, tools, and technologies, specifically ServiceNow and Archer
  • Projects or roles requiring coordination across lines of defense working with technical, business, compliance, risk, and audit teams to deliver solutions.

  2. Delivery of information security risk assessments for large-scale IT implementation projects, including consulting with the security architecture function for threat modeling, appropriate tiering of N-tier products/platforms, and design of infrastructure security controls to protect system components.

  3. Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting. Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT.

  4. Consult and review the implementation of authentication, authorization (fine grained and coarse grained), and cryptography (PKI, SSL, Kerberos, crypto algorithms) mechanisms within applications.

  5. Consult with the security assurance function on the delivery of technical security standards, configuration baselines and related procedures for the hardening of both cloud and non-cloud application and infrastructure components, tools, and techniques to ensure the security of application and infrastructure components such as Linux/Windows servers, Web servers (IIS, Apache, Tomcat), app servers, Databases (Oracle and MS SQL), endpoints (Mac, Windows, Apple iOS, etc.), and Web Application Firewalls.

  6. Collaborate with other security functions, e.g. security architecture, security assurance, offensive security team (red/purple team), application security penetration testing team, to review and apply appropriate risk levels to the output of the assessments performed by the functions.

  7. Maintain impartiality around IT systems to produce unbiased reports on information security risk.

  8. Work closely with IT project teams to develop implementation plans for new security-related products and services.

  9. Conduct quality assurance reviews of security requirements for the implementation of identified solutions.

  10. Define/enhance processes and procedures for using external security service providers, including scoping, management of services, remediation tracking, and exception management.



Experience must include:

  1. Prior work in a technical cybersecurity risk management function at organizations with security related regulatory requirements.
  2. Practical use of risk management concepts and principles - including assessment, prioritization, delivery of treatment plans, tracking and reporting, and metrics (accreditation and certification). Experience with NIST-SP800-30, ISO 27001/2, ISO 27005, COBIT.
  3. Embedding security into processes such as SDLC, Project Lifecycle, ITIL, etc.
  4. Demonstrated cybersecurity expertise with infrastructure, applications, and database system technologies.
  5. Basic IT consultancy skills. Ability to consult and deliver on the security hardening of application and infrastructure components, including tools, and techniques to ensure the security of application, database, and infrastructure components.
  6. Pragmatic security expert with an inherent ability to balance security demands with business reality. Ability to quickly grasp how new technologies work and how security controls should be applied to achieve business goals.
  7. Knowledge of security solutions, latest threats, and countermeasures.



Education

  1. Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 12 years of relevant experience in regulated industries working as an information risk manager or IT security architect; OR
  2. Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 6 years of relevant experience in regulated industries working as an information risk manager or IT security architect.


Certifications: (Minimum plus at least 2 preferred)

  1. CISSP or CISM (minimum required)
  2. CCSP (preferred)
  3. Microsoft Certified: Cybersecurity Architect Expert (preferred)
  4. Other Microsoft cloud security related certifications at the Expert level (preferred)
  5. GIAC certifications (preferred)
  6. Offensive security related certifications (preferred)




Cognizant Romania Employee Benefits:

  • Flexible Work Schedule - Outside of main work hours, you can create a schedule that suits your needs
  • Hybrid workplace - Whether you like to work from home or go to the office, the choice is yours
  • Annual Vacation Days - 26 days to relax, explore and spend time with loved ones
  • Trainings, workshops, and certifications, unlimited Udemy subscription and more
  • Private medical package
  • Meal tickets
  • Referral bonuses
  • Life insurance
  • Banking services
  • Bookster
  • EAP program - wellbeing programs



Please note that only suitable candidates will be contacted and that by applying to this role you are being informed about your personal data being processed by Cognizant.

You can find more details here: https://www.cognizant.com/us/en/privacy-notice

Key Skills

Ranked by relevance

cloud cybersecurity nist identity and access management penetration testing network security cloud security firewalls apache oracle cism itil sql ssl ios
Posted: Jul 15, 2025
Type: Full-time
Level: Mid-Senior
Location: Romania
Company: Cognizant
Industries: Software Development
Categories: Consulting Information Technology
