Company Name: Cognizant
Title: Cybersecurity
Job type: Full time
Location: Kolkata, Chennai and Pune
Years of Experience: 4+ yrs
Mandatory skills: Risk assessment, information security governance & compliance, knowledge of security frameworks including ISO 27000, NIST CSF, and any of the US Regulatory requirements including GLBA, NYDFS, NAIC, FFIEC and CCPA.
Good to have: Privacy & security certifications.
Job Description:
• Conducts complex risk assessment and information security compliance programs or processes.
• May manage an on-going relationship with an assigned business unit.
• Applies a deep understanding of business processes and technologies used within assigned business units to ensure compliance with regulatory requirements and Truist's applicable standards, policies, and procedures.
• May interface with end-users as well as all levels of management, Senior Executives, and technical and business sources.
• Consults with managers, suppliers, and other business resources in support of security governance and incident solutions to meet business objectives and regulatory requirements.
• Experience in IT security or audit. In-depth knowledge of information systems and ability to identify, apply, and implement best practices.
• Experience conducting, preparing and presenting analysis, findings and recommendations.
• Understanding of key business processes and competitive strategies related to the IT function.
• Ability to interpret and convey complex, difficult, or sensitive information. Ability to interpret common industry security frameworks including ISO 27000, NIST CSF, and US Regulatory requirements including GLBA, NYDFS, NAIC, FFIEC and CCPA. Certifications in CISSP, CISA, CISM, CIPP, or GDPR are a plus.
According to the client, around 700 applications that are part of the merger activity are unassessed and need to be assessed. Truist uses specific assessment forms to arrive at the ITARC score related to application security. This score is fed into different applications for further processing (e.g., to define RPOs/RTOs). The team will be trained by their senior associate. Resources will work closely with them, and there will be no BAU activities.