Information Security & Assurance Manager
Role: Information Security & Assurance Manager
Geographical Coverage: ASEAN & GCN (Greater China)
Location: Singapore
The Cognizant Difference - Helping our Clients Win In Digital
Information Security & Assurance (IS&A) is a global corporate team responsible for ensuring that all security risks pertaining to business delivery and client engagements are managed end to end. The team engages frequently with our business leaders to identify, analyse and mitigate security risks. The team is also the primary touch point between the wider Corporate Security community and client business engagements for our security obligations to customers.
Cognizant requires an Information Security & Assurance Manager to expand, lead and manage the security improvements across Asia Pacific (APAC), particularly within the ASEAN and Greater China regions. Candidates will have a proven ability in Security Governance, Risk and Compliance and have some background in Security Engineering and Management.
Roles and Responsibilities
Security Governance
Security Risk Management
- Manage the security governance, risk and compliance for a wide variety of customer engagements within the region
- Understand and apply security laws and regulations for the region, such as Singapore MAS, Singapore CC, PRC Cybersecurity Law, APRA CPS 234, and EU GDPR.
- Conduct reviews of our adherence to contractual obligations. Provide implementation plans to close obligation gaps in line with Cognizant security policy and standards.
- Work with the Global Head of Security & Information and affiliated Centre of Excellence (COE) leaders to ensure Cyber Security practices align with other business units, business objectives and the evolving threat landscape
Security Operations and Program Management
- Engage with different stakeholders: external auditors, customer security officers, business leaders, legal, HR, and IT teams to understand all critical security requirements and risk scenarios.
- Perform annual risk assessments and conduct related ongoing compliance monitoring for multiple customer engagements.
- Develop security management plans for key accounts: identify assets, assess risks, define control framework, prepare recommendations, and publish reports
- Provide Security-by-Design recommendations in order to establish security, availability, data integrity, and privacy controls for various engagements according to risk appetite.
Skills and Experience
- Ensure the ongoing management of a Secure Software Development Life Cycle to ensure on-time delivery of application sprints with security compliance and best practices.
- Manage third-party or client audit activities such as ISO 27001, SOC, etc. Plan the audit schedule and charter for corporate functions and coordinate with all internal stakeholders on preparation
- Assess, prepare and ensure all IT systems, policies and procedures fully comply with Cognizant ISO 27001 SoA, local laws and cross-border regulations
- Develop Security Training and Awareness materials, and conduct or facilitate training sessions.
- Coordinate with the corporate incident management team during incidents, support investigation, and deliver incident response within strict timeframes. This may include customer engagement and communications.
- Must have a Bachelor's degree or above in a related field or equivalent experience
- Must have relevant security certifications such as CISA, CRISC, CISSP, or CISM
- Must have experience in managing an internal Information Security function for a highly regulated industry
- 5+ years of Cyber Security experience
- 3+ years of management experience
- Knowledge in security frameworks such as NIST, SABSA, ISO 27001, or GDPR, etc.
- Experience in attaining certifications or attestations such as ISO 27001, SOC1, SOC2, or PCI-DSS.
- Experience with Application Development and Security Engineering is highly preferred
- Excellent written and verbal communications in English
- Good stakeholder engagement skills
- Ability to present complex solutions and methods to the general community
- Ability to demonstrate pragmatism by delivering security controls that balance risk mitigation against business value
- Ability to think strategically; work with a sense of urgency and pay attention to detail
- Independent thinker with a willingness to "step outside the box" and take reasonable, calculated risks
- Strong collaboration skills and willingness to be a team player to solve problems and incorporate input from various sources
- Some proficiency in Mandarin (spoken and written) will be well regarded, but is not essential.