Governance, Risk, and Compliance Engineer, Blue Ash, Ohio, United States

About Cognizant

Cognizant is one of the world’s leading professional services companies, helping clients modernize technology, reimagine processes, and manage risk in complex and highly regulated environments. Cognizant supports secure, compliant, and resilient operations across industries.

Role Summary

The Governance, Risk, and Compliance (GRC) Engineer supports the implementation, validation, and continuous monitoring of security and compliance controls across the organization. This role ensures alignment with regulatory and contractual requirements and maintains audit readiness against frameworks such as NIST SP 800‑171 and CMMC Level 2. The GRC Engineer works closely with technology teams and business stakeholders to assess risk, remediate gaps, and improve compliance processes.

Key Responsibilities

Support the implementation and validation of security and compliance controls aligned with NIST SP 800‑171 and CMMC Level 2.
Ensure compliance evidence is accurate, complete, and audit‑ready.
Collaborate with service owners to conduct risk assessments, document findings, and track remediation activities through closure.
Maintain and update risk registers, including residual risk and mitigation plans.
Prepare audit artifacts and coordinate walkthroughs and interviews for internal and external audits.
Drive remediation efforts with control owners and support prevention of recurring audit findings.
Contribute to the creation, review, and revision of security and compliance policies.
Support role‑based security training, awareness activities, and phishing campaigns.
Develop and maintain reporting workflows to track compliance status, risk metrics, and remediation progress.
Partner with cross‑functional teams to translate compliance requirements into operational processes.
Participate in onsite or virtual audits as required to verify ongoing compliance.

Required Qualifications

3–7 years of experience in governance, risk, compliance, information security, or a related field.
Experience supporting compliance initiatives aligned with NIST SP 800‑171 and CMMC Level 2.
Working knowledge of vulnerability management and risk management practices.
Experience with governance, risk, and compliance platforms and IT service management tools.
Familiarity with ISO 27001 and information security awareness programs.
Strong documentation, organizational, and communication skills.

Preferred Qualifications

Security or compliance certifications such as Security+, CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CCP, or CMMC Certified Professional.
Experience maintaining audit‑ready evidence and supporting remediation activities across multiple teams.

Work Model

We believe hybrid work is the way forward as we strive to provide flexibility wherever possible. Based on this role’s business requirements, this is a hybrid position requiring 3 days a week in our office in Blue Ash, Ohio. Regardless of your working arrangement, we are here to support a healthy work-life balance though our various wellbeing programs.

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations.

We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.

Legal & Work Authorization

Candidates must be legally authorized to work in the United States. Employment eligibility verification will be required at the time of hire.

About us
Cognizant (Nasdaq: CTSH) is an AI Builder and technology services provider, building the bridge between AI investment and enterprise value by building full-stack AI solutions for our clients. Our deep industry, process and engineering expertise enables us to build an organization’s unique context into technology systems that amplify human potential, realize tangible returns and keep global enterprises ahead in a fast-changing world. See how at www.cognizant.com or @cognizant.

Additional employment information
Compensation information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.

Cognizant is an equal opportunity employer. Your application and candidacy will not be considered based on race, color, sex, religion, creed, sexual orientation, gender identity, national origin, disability, genetic information, pregnancy, veteran status or any other characteristic protected by federal, state or local laws.