Job Summary
The GRC Consultant is a client facing advisory role responsible for delivering high quality consulting engagements across governance risk and compliance domains. The Consultant partners directly with clients to assess current state security posture recommend improvements and guide implementation of GRC tooling and frameworks. The role requires a balance of advisory acumen technical fluency in OneTrust and KnowBe4 and strong communication skills to translate findings into actionable client
Responsibilities
Experience Required
5 to 8 years of consulting or advisory experience in Information Security GRC risk management or regulatory compliance domains.
Key Responsibilities
Lead client facing GRC consulting engagements scoping planning delivery and presentation of findings and recommendations.
Conduct Risk Assessment Support engagements for clients including risk workshops control assessments risk treatment planning and roadmap development.
Deliver Regulatory Compliance Assessment Support across multiple frameworks (ISO 27001 NIST CSF GDPR HIPAA PCI DSS SOX) perform gap analyses and design remediation plans.
Advise clients on Third Party Risk Assessment programs vendor risk methodology tiering criteria due diligence workflows and contractual control requirements.
Design and implement phishing simulation programs using KnowBe4 for clients including baseline testing awareness training rollout and effectiveness measurement.
Configure OneTrust modules (IT Risk Vendor Risk Compliance) for client environments and provide hands on enablement and knowledge transfer.
Develop policies procedures standards and operational playbooks tailored to each clients regulatory profile and risk appetite.
Present findings dashboards and strategic recommendations to client leadership audit committees and project sponsors.
Technical Skills & Technologies
OneTrust IT Risk Vendor Risk Regulatory Compliance and Privacy modules (consulting grade fluency).
KnowBe4 Phishing simulation strategy and Security Awareness Training program design.
Frameworks ISO 27001 or 27002 NIST CSF NIST 800 53 COBIT COSO ERM.
Regulations GDPR HIPAA SOX PCI DSS SOC 2 DORA regional data protection laws.
Strong proficiency in MS Office PowerPoint storytelling and consulting deliverable design.
Required Qualifications
Bachelors degree in Computer Science Information Technology Information Security Business or a related field.
Proven experience in client facing GRC consulting or advisory roles.
Hands on experience implementing or configuring OneTrust and managing KnowBe4 based awareness programs.
Strong understanding of risk management regulatory frameworks and audit processes.
Demonstrated ability to lead workstreams and present to senior client stakeholders.
Certifications Required
CISA Certified Information Systems Auditor
CRISC Certified in Risk and Information Systems Control
CISM Certified Information Security Manager
ISO/IEC 27001 Lead Auditor or Lead Implementer
OneTrust
关于高知特 (Cognizant)
高知特(Cognizant)(纳斯达克代码:CTSH)作为一家AI Builder和相关技术服务提供商,致力于通过打造全栈AI解决方案,帮助企业将人工智能投资转化为实际价值。公司凭借深厚的行业经验、流程优化和工程技术专长,将企业独特的业务场景融入科技系统,赋能组织释放人才潜能,推动切实成果,并帮助全球企业在瞬息万变的环境中保持领先。如需了解更多详情,敬请访问 cognizant.ai 或关注@cognizant。
补充雇佣信息
薪酬信息截至本职位发布之日为准确。Cognizant 保留在适用法律允许的范围内随时修改该信息的权利。
申请人可能需要通过现场面试或视频会议的方式参加面试。此外,候选人在每次面试时可能需要出示其当前所在州或政府签发的有效身份证件。
Cognizant 是一家提供平等就业机会的雇主。在招聘过程中,您的申请和候选资格不会因种族、肤色、性别、宗教、信仰、性取向、性别认同、国籍、残疾、遗传信息、怀孕、退伍军人身份或任何其他受联邦、州或地方法律保护的特征而受到影响。
