Security Consultant - GRC at Cognizant in Syracuse, New York

Job Description:

GRC Consultant

Qualification:

Degree:

Bachelors Degree, Masters Degree

Certifications:

CISA, CISM, ISO 27001

Responsibility:

Requirements Gathering:

• 'Understand functional and non functional application security requirements.

• Raise queries and seek clarification.

• Use requirement gathering techniques like Interviews Focus groups Facilitated workshops to collect more information security requirements and refine them.

Design & Analysis:

• 'Translate compliance and audit requirements into design.

• Identify areas that need to be validated using POC and drive it.

• Conduct and facilitate idea generation techniques like brainstroming benchmarking alternatives generation to come up with exhaustive and ideal design.

• Create design documents LLD HLD etc.

Coding:

• 'Monitor and review installation and configuration of GRC automation products.

• For enabling parallel development of custom component create skeleton/framework using which implementation will be done by GRC Engineers.

• Identify customization requirements and create independent design for customizations.

• Conduct code review ensure code quality and standard continous integration is done.

• Clarify questions / resolve issues / concerns on time.

• seek review from peer / GRC Specialist periodically.

• Highlight any potential risks to Leads and seek inputs to resolve issues identified.

• Update traceability matrix for the work package developed.

• provide support on process audit activities.

• Adhere to process and tools.

• follow the SCM policies set for project.

Testing:

• 'Create unit test plan.

• Review unit test cases.

• Review unit test results.

Documentation:

• Develop SDLC lifecycle artifacts based on customer SDLC process.

Change Management:

• 'Review build and deployment instructions.

• Schedule and review change requests.

Deployment:

• Facilitate automation for build and deployment.

• Facilitate building of tools/process for quick and efficient validation of application pre/post deployment (sanity checks).

Defect Management:

• 'Analyze defects (identify dependencies between application/components alternate fixes etc).

• Review defect fixes.

• Ensure defect density is low defect leakage is null and first time right metric is high.

Coaching & Facilitating:

• 'Build induction training conduct and facilitate.

• Facilitate knowledge sharing within and among team through sessions.

• Encourage team to take up domain/technical certifications.

Project Management:

• 'Technical inputs expected for estimation.

• 'Provide bottom up estimation for work packages.

• Provide input to Security architect on dependencies between work packages.

Process Improvements and Adherence:

• 'Identify areas where automation/improvements can be done develop accelerators to improve efficiency and productivity.

• Identify pain points/gaps in process and suggest improvements.

Knowledge Management:

• 'Contribute towards updating knowledge assets and reviweing user manual online help document installation manual / scripts.

• Contribute / search / reuse all types of assets from repository.

People management:

• 'Resolve conflicts within team.

• Conduct periodic 1 on 1 to provide and receive feedback.

Business Development:

• 'Technical support required for drafting solution response.

 

Must Have Skills

• Risk Assessment

• GRC Implementation/ Integratio

Technical Skills

SNo	Primary Skill	Proficiency Level *	Rqrd./Dsrd.
1	Risk Assessment	PL3	Required
2	GRC Implementation/ Integratio	PL3	Required

 

* Proficiency Legends

Proficiency Level	Generic Reference
PL1	The associate has basic awareness and comprehension of the skill and is in the process of acquiring this skill through various channels.
PL2	The associate possesses working knowledge of the skill, and can actively and independently apply this skill in engagements and projects.
PL3	The associate has comprehensive, in-depth and specialized knowledge of the skill. She / he has extensively demonstrated successful application of the skill in engagements or projects.
PL4	The associate can function as a subject matter expert for this skill. The associate is capable of analyzing, evaluating and synthesizing solutions using the skill.

Apply Now