Job Summary
Serve as a GRC Specialist with deep experience in cloud native security risk and compliance to strengthen enterprise controls and protect critical data assets in a hybrid work setting. Apply expertise in GCP native security vulnerability and compliance management vendor risk oversight and ServiceNow GRC to embed governance into daily operations while enabling secure innovation for global stakeholders.
Responsibilities
- Should have information security background 3 - 5 years.
- Capable of understanding and assessing gaps based on frameworks such as NIST CIS etc.
- Able to support during EST/PST hours for collaboration.
- Should be comfortable drafting presentations and co-ordinate with key stakeholders.
- Willing to learn and deliver on the job
Scope and Key Deliverables
Deployment 1 CJ 2.1 Existing Applications
1. Check the Survey questionnaire.
2. Gap Assessment for v2.1 controls.
3. Pre-population of control questionnaire with answers from Survey Questionnaire.
4. Send pre-populated control questionnaire to SMs for re-certification.
5. Identify Gaps & Remediation.
6. Raise Exception or Submit evidence for remediation to close the gap.
7. Pending CJ 2.0 tasks.
8. Get approvals for exceptions in progress.
9. Track status of controls for approved exceptions.
Deployment 2 CJ 2.1 New applications
1. Document the process for onboarding new applications into CJ 2.1.
2. Revalidation of existing CJ data and Tier.
3. Identification of new CJ data and Tier.
4. CJ Applicability Assessment.
5. Perform CJ applicability assessment for each application.
6. Identify new applications from New Entities for onboarding into CJ 2.1.
7. Identify new applications from existing entities for onboarding into CJ 2.1.
8. Get inventory of Applications to be scoped for CJ 2.1.
Deployment 3 CJ 2.1 Metrics & Dashboards
1. Produce data for generating the Reports Metrics & Dashboards.
Qualifications
- Demonstrate seven to nine years of specialized experience in governance risk and compliance functions with significant exposure to enterprise scale technology environments.
- Apply strong hands on expertise in GCP native security capabilities such as identity management logging configuration assessment and data protection to secure cloud workloads.
- Use solid background in vulnerability management tools practices and coordination to ensure timely identification prioritization and remediation of technical weaknesses.
- Bring proven experience in compliance management by interpreting regulatory frameworks and industry standards and translating them into practical control activities for technology teams.
- Show practical knowledge of vendor risk management by evaluating third party security controls contracts and attestations to protect information shared with external partners.
- Utilize experience with ServiceNow GRC configuration workflows and reporting to build structured governance processes that reduce manual effort and improve traceability.
- Apply incident management experience in assessing security and compliance events coordinating with responders documenting actions and supporting continuous improvement initiatives.
关于高知特 (Cognizant)
高知特(Cognizant)(纳斯达克代码:CTSH)作为一家AI Builder和相关技术服务提供商,致力于通过打造全栈AI解决方案,帮助企业将人工智能投资转化为实际价值。公司凭借深厚的行业经验、流程优化和工程技术专长,将企业独特的业务场景融入科技系统,赋能组织释放人才潜能,推动切实成果,并帮助全球企业在瞬息万变的环境中保持领先。如需了解更多详情,敬请访问 cognizant.ai 或关注@cognizant。
补充雇佣信息
薪酬信息截至本职位发布之日为准。Cognizant 保留在适用法律允许的范围内随时修改该信息的权利。
申请人可能需要通过现场面试或视频会议的方式参加面试。此外,候选人在每次面试时可能需要出示其当前所在州或政府签发的有效身份证件。
Cognizant 是一家提供平等就业机会的雇主。在招聘过程中,您的申请和候选资格不会因种族、肤色、性别、宗教、信仰、性取向、性别认同、国籍、残疾、遗传信息、怀孕、退伍军人身份或任何其他受联邦、州或地方法律保护的特征而受到影响。
