Wednesday, November 26, 2014
Director - Corporate Security - Cognizant Technology Solutions - New York
Job description
Cognizant requires a BFS Director – Corporate Security – IRM, to be part of Corporate Security Group, and play an integral leadership role in the overall development and management of a Cognizant-wide Information Risk Management strategy for the Banking and Financial Services sector.
IRM Framework/Strategy: Develop a Cognizant-wide Information Risk Management Framework/Strategy for the BFS vertical in collaboration with the Director of BFS India IRM.
Develop a market leading risk management framework to govern customer engagements addressing legal, regulatory and risk considerations for the BFS sector.
Partner with Vertical leads globally to assess risk and develop a control framework suitable to high risk engagements balancing risk with operational effectiveness.
Develop/manage a robust metrics model to measure evergreen program effectiveness
Develop a Cognizant PCI program to aid in a strategic approach to a comprehensive risk management controls offering for the applicable BFS client base
Core Competencies
Strong working knowledge of FFIEC/NIST/PCI security laws, standards, rules and regulations while administering the overall PCI security program for the client engagement
Deep insight of best practice standards such as ISO 27001, NIST, PCI is required.
Demonstrates proven expertise and success with implementing security architecture and strategies, delivering consulting security solutions for the engagement emphasized by the customer
Establishing, communicating, and maintaining a charter for the security management function for the engagement
Demonstrates proven expertise and success in a role leading and collaborating directly with senior management, delivery, practice development and thought leadership related to Information Security solution development, assessment and implementation
Demonstrates proven expertise and success managing project work streams in system security, controls or information security management environment, specifically on the following information security domains:
Security Architecture and Strategy (Integrated Risk Management)
Identity & Access Management
Data Leakage Prevention; Focus on Data Flow, Encryption
Large Complex Program Execution/Implementation
Security Function Design and Governance
Incident Management
Security Infrastructure
The role:
Aligning and integrating the Information Security strategy for the engagement with the business goals
Ensure all IT systems, policies and procedures fully comply with PCI security laws, rules and regulations and the master service agreement signed for the client engagement
Monitor and evaluate security measures to protect against reasonably anticipated threats or hazards to the privacy, security or integrity of PHI or other customer sensitive information
Prepare and implement effective security and compliance training to employees to ensure that any changes in regulations are communicated in a timely manner
Develop and maintain a security management plan for the engagement and provide periodic updates to management and business leaders on compliance.
Develop and monitor security metrics for the engagement.
Ensure alignment and compliance with security policies, procedures and practices
Review security exceptions for the engagement and identify risks
Monitor the risk mitigation plans
Review and monitor the security compliance of master service agreements for accounts and advise business team on the security requirements.
Engage with external auditors & customer visitors for assessments
Investigate security breaches
Qualifications
A four-year college degree in Computer Science or equivalent certification is required.
10-12 years of experience in information security in the Banking and Financial Services Sector related field including management experience
Knowledge and working expertise of PCI, state and federal guidelines on privacy, transactions and security.
Knowledge of Financial security compliance regulations (PCI, FFIEC, GLBA, etc.).
In-depth understanding of network and system security technology and practices across all major-computing areas (mainframe, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology.
A high level of integrity and trust
Focused personality, with a demonstrated ability to take initiative, successfully handle and prioritize multiple competing assignments and effectively manage deadlines
Experience in understanding and deploying risk management frameworks
Security certifications desired, such as CISA, CISSP, CISM, CRISC, etc.
Certified PCI-ISA
Personal Characteristics
Ability to think strategically; work with a sense of urgency and pay attention to detail.
Ability to present complex solutions and methods to a general community.
Ability to interact with all levels of management and high-profile individuals
Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks.
Must be reliable and adaptable
Excellent written and verbal communication and organizational skills.
Outstanding work ethic
Strong team player that collaborates well with others to solve problems and actively incorporate input from various sources.
Experience with working on global teams across time zones, cultures and languages