Cognizant Job - 41407931 | CareerArc
Company: Cognizant
Location: Teaneck, NJ
Career Level: Mid-Senior Level
Industries: Technology, Software, IT, Electronics


Senior Manager – Information Risk Management

The Security and Technology Risk Management (S&T RM) program encompasses a global team that acts as Integrated Risk Management for the organization and is responsible for ensuring that all security and IT technology controls are operating effectively and that technology risks pertaining to corporate infrastructure are managed end to end. This role is for the S&T IRM Control Validation and Assurance team within the Security & Technology function, which will be involved in a continuous control testing program for corporate cyber security infrastructure to identify, analyze and mitigate technology and information related risks.


We are seeking a Senior Manager – Security & Technology Risk Management to be part of the Corporate Security Group and play a key role in the overall management of the Security and Technology Risk Management practice for Cognizant Corporate and Business functions worldwide.

The key responsibilities of the Senior Manager – Security & Technology Risk Management will include, but will not be limited to:

  • Validation and testing of compliance with the policies and standards set by the enterprise standards, as they apply to cyber security requirements
  • Development of a control testing framework, an assessment questionnaire, test procedures and the technical and functional documents required for the respective control testing activities
  • Competence as a subject matter expert for cyber defense framework and control testing related activities, as well as for all security matters 
  • Performance of periodic technology control testing/assessment and conduct of related ongoing compliance monitoring activities against corporate, industry specific and international standards and frameworks for information and cyber security such as: NIST 800-53, ISO/IEC 27001:2013, HITRUST, TISAX, SOC 1, 2, etc.
  • Perform NIST CSF capability maturity model assessment on a half-yearly basis
  • Provision of periodic updates to the management on compliance effectiveness through reports, metrics, statistics, etc.
  • Responsible for managing the Monthly Business Review (MBR) meeting with leadership, wherein the team's utilization & performance will be reviewed
  • Provide periodic updates to the management on compliance efforts 
  • Coordination among the interested groups and corporate functions to develop and monitor security metrics for the same
  • Execution of internal audits and related corrective follow-up activities
  • Facilitation of certification audits, supporting internal and external stakeholders and auditors
  • Ability to work with a sense of urgency and attention to detail
  • Ability to present complex solutions and methods to the business and non-technical community
  • Ability to interact with all hierarchical levels of associates and management
  • Broad-minded, with ability to "think outside the box", and take off-beat decisions in an urgency mode
  • Flexible adaptivity to a dynamic and diverse working environment
  • Excellent communication and organizational skills
  • Outstanding work ethics and emotional intelligence
  • Continuously keeping up to date on information and cyber security related vulnerabilities, threats and risks
  • Strong team player who collaborates well and fits within multi-cultural teams across the globe, different time zones (if required) and different languages


  • A four-year college degree in Computer Science or equivalent certification is required. 
  • A minimum of 12+ years of experience working in a technical security position, architecture, Network/Infrastructure operations and a proven track record of leading a team
  • In-depth understanding of network and system security technology and practices across all major-computing areas (client/ server, Cloud, IoT, IPA, AI, data science) with a special emphasis on Internet related technology. 
  • Hands-on knowledge of controls design, controls testing and risk assessment
  • Working knowledge of the ISO/IEC 27001:2013 international standard and the ISO/IEC 27002:2013 code of practice, and responsibility for executing the key activities below:
    • Conduct internal security audits for Cognizant delivery centers in Americas Region
    • Coordinate audit related activities among the relevant stakeholders
    • Provide information security guidance to the corporate and business functions in the certification scope
    • Facilitate the external certification audits among internal and external stakeholders and auditors
    • Confirm the objectiveness of the audit results, and the relevant corrective actions and root cause analysis (RCA)
  • Significant knowledge in Cybersecurity organization practices, risk management principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
  • Working knowledge of Cyber Kill Chain and MITRE ATT&CK Framework implementation would be highly preferred
  • Significant experience of reporting and presenting cyber risks and controls information with the wider business, regulatory and industry context, in a straightforward and objective way
  • Excellent management skills, with the ability to navigate a complex organization effectively, as well as build strong relationships and collaborations across the business teams
  • Experience in developing and embedding Cyber risk policies, setting Cyber risk appetite and embedding processes to assess performance against the same
  • Experience in leading reviews, where these relate to Cyber risk and understand the lessons learned
  • Delivery of gap assessments against Cyber Security policy, standards and technology risk requirements
  • Strong understanding of cyber security products and technologies utilized in enterprise environments
  • Strong understanding of Cloud computing platforms, primarily Amazon AWS and Microsoft Azure.
  • Experience in threat modeling techniques and development of such
  • Proven expertise in managing project work streams in system security, cyber security controls or information security management environment, specifically in the information security domains: 
    • Security Architecture and Strategy (Integrated Risk Management) 
    • Identity & Access Management 
    • Data Loss Prevention, with a focus on Data Classification, Data Flow, Encryption 
    • Security Function Design and Governance 
    • Information Security Incident Management 
    • Security Infrastructure 
    • Cloud Security 
  • Ability to operate remotely, in a diverse and multi-cultural environment with consultancy exposure
  • A high level of deliverables integrity and results oriented approach 
  • Focused personality, with a demonstrated ability to take initiative, successfully handle and prioritize multiple competing assignments and effectively manage deadlines 
  • Security certifications desired such as CISM, ISO/IEC 27001:2013 Lead Auditor, CISSP, SANS GIAC Certifications, CISA and Cloud certifications, etc. 

Employee Status : Full Time Employee

Shift : Day Job

Travel : No

Job Posting : Oct 27 2021

About Cognizant

Cognizant (Nasdaq-100: CTSH) is one of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 185 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at or follow us @USJobsCognizant.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.

Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

If you have a disability that requires a reasonable accommodation to search for a job opening or submit an application, please email with your request and contact information.
