Oferty pracy

Business Information Risk Manager

Business Information Risk Manager

At Cognizant, we are dedicated to helping the worlds leading companies build stronger businesses - helping them go from doing digital to being digital.

In Poland, our offices are located in Gdańsk, Wroclaw, and Kraków. With the capacity to support various clients, we offer a world of opportunities for both professionals and graduates. You can expect five-star training, a chance to realize your career goals, and a range of benefits. Be Cognizant!


The Business Information Security (BIS) is a global team that is responsible for ensuring all security risks pertaining to business delivery and Client engagements are managed end to end. The team engages on a frequent basis with business leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the Corporate Security Group and Business teams, while supporting the business on Client security requirements and compliance.

As a Manager in BIS, you will be part of Corporate Security Group and facilitate security requirements for Cognizant GGM (Global Growth Markets) Business and its clients.


  • Manage security and compliance risks in service delivery for key verticals
  • Communicate with Business teams to understand all critical security requirements and risk scenarios
  • Engage in BIS Program for the key accounts: understand business context; define a control framework; conduct risk assessments; identify and evaluate risks; prepare recommendations and reports; present to leadership
  • Coordinate with Incident management team during incidents and support investigation of security breaches
  • Perform Security Risk assessments and conduct related ongoing compliance monitoring activities in coordination with Privacy Officer and Legal Team members among others
  • Manage external certifications like ISO 27001 audit and coordination with auditors: plan out audit schedule and charter for corporate functions and coordinate with all internal stakeholders towards preparation
  • Assess, prepare and ensure all IT systems, policies and procedures fully comply with Cognizant ISO 27001 standard, GDPR, local laws and cross-borders regulations
  • Engage with different stakeholders: external auditors, customer visitor, business leaders and corporate teams, such as HR, legal, IT, etc.
  • Conduct reviews to assess the service delivery control environment and evaluate adherence to client identified contractual requirements, Cognizant policies and standards
  • Review physical security control readiness in delivery centers in Poland (Krakow, Gdansk and Wroclaw)
  • Review physical security control readiness in delivery centers across Europe (optional)
  • Experience on ISO 27001 Information Security Management system, Risk Assessments, Evaluation of results / findings, IT GRC Governance Risk Compliance Tools
  • Already have or in process to obtain relevant Security Certifications e.g. ISO 27001 LA, ISO 27001 LI, CISA, CISSP, CISM, etc.
  • Participation in information security and risk management field, especially with Technology Risk Management / IT Audit in enterprise organizations
  • Knowledge and/or experience in VRM, SSAE/ISAE 3402, SOC 1, SOC 2, and PCI-DSS, assessment and control implementation is an advantage
  • Knowledge in understanding and deploying risk management and security frameworks such as ISO 27001, NIST, etc. is an advantage
  • Basic understanding of network and system security technology and practices
  • Knowledge on GDPR and EU Data Protection directive is beneficial
  • Enthusiastic about Information Security and Risk Management
  • Willingness to be an active team player and contributor
  • Ability to pay attention to details and think strategically
  • Manage parallel fast-changing requirements, making use of criticality and sense of urgency
  • Ability to present results to leaders and key stakeholders
  • Excellent written and verbal communication and organizational skills in English
  • Strong collaboration skills and to solve problems and incorporate input from various sources
  • Willing to travel in Poland (10%)
  • Willing to travel across Europe (10% - Optional)
Prosimy o dopisanie klauzuli: Wyrażam zgodę na przetwarzanie moich danych osobowych zawartych w mojej ofercie pracy dla potrzeb niezbędnych do realizacji procesu rekrutacji (zgodnie z Ustawą z dnia 29.08.1997 r. o Ochronie Danych Osobowych; tekst jednolity Dz. U. z 2016 r. poz. 922 z późn. zm. ). Jednocześnie oświadczam, że zostałem/am poinformowany/a o dobrowolności podania danych osobowych oraz prawie dostępu do treści swoich danych i ich poprawiania.