Job Description

About the Role:We are looking for an Information and Cyber Security Lead. You will be part of the founding key team member, reporting to the Chief Information Officer (CIO) and working closely with team leads in the transformation of the business. If you are passionate about technology and digital transformation for business and want to be in a team where your views matter, learning and collaboration is part of the culture, please reach out and we would love to talk to you!Key Responsibilities

• Define and implement the Enterprise InfoSec (IS) landscape and roadmap.
• Architect and develop security solutions on on-premise and cloud platforms (AWS, GCP, or Azure) using cloud-native security services.
• Design and implement secure cloud architecture for various cloud platforms.
• Provide security advisory as a trusted partner and subject matter expert cloud platforms.
• Develop, maintain, and enhance IT Security checklists and guidelines.
• Manage third-party IS due diligence on service suppliers, including onsite assessments.
• Conduct Technology Security Risk Assessments on systems throughout their lifecycle to identify and mitigate security risks.
• Ensure compliance with security frameworks and processes such as CIS, NIST, PCI/DSS, SOC 2.
• Implement process improvements for effective IT Security risk management.
• Identify security risks in the Tech Obsolescence Risk program.
• Perform periodic risk analysis, vulnerability scanning, and testing.
• Drive enterprise initiatives for comprehensive security posture analysis across different layers and sources within the network environment.
• Respond to security incidents and manage incident response.
• Communicate with regulators and ensure solutions meet external and internal requirements and guidelines.
• Conduct security awareness training and programs for employees.
• Stay updated on security trends and new threats to safeguard the organization.

• At least 15 years of experience in Information Security and risk management, preferably in a large organization or financial services.
• Deep understanding of threat modeling and risk management principles.
• Strong understanding of financial services IS policies, regulatory trends, and good practices for providing recommendations.
• Excellent relationship-building, stakeholder management, communication, and influencing skills.
• Experience managing senior business stakeholders.
• Strong motivation and capability to drive initiatives and changes.
• Proactive leadership and teamwork skills.
• Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP).
• Excellent analytical and problem-solving abilities.
• Experience in team leadership, coaching, and mentoring.
• Knowledge of industry standards such as ISO 27001, MAS TRM, NIST, CIS, PCI/DSS, and SOC 2.
• Familiarity with security technologies such as firewalls, intrusion detection systems, and endpoint protection.
• Experience with security operations centers (SOC) and setting up SOC models.
• Strong program management background.
• Product-specific certifications such as MCSE, CCNA Security.
• Good knowledge of TCP/IP protocol.
• Ability to handle sensitive information with confidentiality and integrity.
• Experience in driving enterprise initiatives for E2E security posture analysis.
• Ability to work with subsidiaries and understand regional security requirements.

Cognizant