Role: Business Information Security Analyst
Location: India (Bangalore)
Geographic Coverage: Asia-Pacific & Japan
What makes Cognizant a unique place to work? The combination of rapid growth and an international and innovative environment! This is creating many opportunities for people like YOU — people with an entrepreneurial spirit who want to make a difference in this world.
The Business Information Security (BIS) team is a global team responsible for ensuring that all security risks on Client Delivery engagements are managed end to end, and for establishing trust across a wide variety of engagements. The group frequently engages with our business leaders and customers to identify, assess and mitigate security risks. The team is also the primary touchpoint with the wider Corporate Security community for delivering our security obligations to customers.
Cognizant requires Information Security leaders to expand, lead and manage security improvements within the Asia-Pacific and Japan (AP&J) region. Candidates will have the opportunity to demonstrate and develop skills in Security Governance, Risk and Compliance, grounded in the domains of IT Engineering and Project Management.
Duties & Responsibilities
Security Governance
§ Manage and implement security Governance, Risk and Compliance (GRC) for our wide variety of client delivery engagements within the region, including the banking, insurance, mining, telco and public sectors.
§ Observe and apply regional and international cyber security and privacy laws, frameworks and standards such as ISO 27001, NIST CSF, APRA CPS, the Privacy Act, GDPR, IRAP/ISM, PSPF, CII and the Essential Eight.
§ Work with the Business Information Security Officer (BISO) and affiliated Centre of Excellence (CoE) leaders to ensure organisational practices align with business objectives and the evolving threat landscape.
Security Risk and Control Management
§ Engage with a variety of stakeholders (business leaders, auditors, customer security officers, legal, HR and IT teams) to understand security requirements and risk scenarios.
§ Apply end-to-end risk management principles guided by business context and risk appetite. Identify, assess and respond to risks.
§ Develop security management and data protection plans for key accounts: identify assets and threat vectors, and define mitigations and the control framework.
§ Conduct periodic risk and control assessments of our adherence to obligations and security management plan. Provide implementation plans to close gaps.
Security Operations and Program Management
§ Manage third-party or client audit/security assessment activities such as SOC reports, PCI DSS and ISO 27001. Plan audit scope and schedule, and coordinate with various corporate functions to collect and produce evidence.
§ Assist the delivery team in reviewing Technical Solution Designs and Secure SDLC processes to ensure IT products and services are foundationally secure in accordance with risk appetite.
§ Coordinate the corporate incident response process and support investigations within strict timeframes. Liaise with customers and external parties.
§ Develop Security Training and Awareness materials, and conduct or facilitate awareness sessions.
Qualifications & Certifications
§ Bachelor’s degree or above in a related field or an equivalent experience
§ 2-5 years of IT or Security experience
§ Experience working in a regulated industry is preferred
§ Experience in software development and/or infrastructure build is preferred
§ Certifications such as ISO 27001, CISA or CRISC, or an intention to obtain one, are preferred
§ Some knowledge of security frameworks such as ISO 27001, NIST CSF, ISM, PSPF, etc. is preferred
§ Knowledge of, or experience in, Security Architecture or Project Management will be highly regarded