Job Details

Information Risk Manager - Umbrella only

Not Specified, United Kingdom, £540, Contract

Posted: 18 days ago


We are heading up a recruitment drive on behalf of a global IT consultancy that requires an Information Risk Manager to join their team on a major project that is based remotely.

Job Title - Information Risk Manager

Day Rate - £540/day

Location - Remote

IR35 determination - Inside

Information Risk Management (IRM) is a global team that is responsible for ensuring all security risks pertaining to business delivery and Client engagements are managed end to end. The team engages on a frequent basis with business leaders to identify, analyze and mitigate security risks. The team is also the primary touch point between the Corporate Security Group and Business teams, while supporting the business on Client security requirements and compliance.


  • Manage security and compliance risks in service delivery for key verticals and communicate with Business teams to understand all critical security requirements and risk scenarios.
  • Engage in IRM program for the key accounts: define control framework; identify and evaluate risks; understand business context and prepare reports and recommendations.
  • Coordinate with Incident management team during incidents and support investigation of security breaches.
  • Perform annual Security Risk assessments and conduct related ongoing compliance monitoring activities in coordination with Privacy Officer and Legal Team members.
  • Manage External ISO 27001 audit and coordination with auditors: plan out audit schedule and charter for corporate functions and coordinate with all internal stakeholders towards preparation.
  • Assess, prepare and ensure all IT systems, policies and procedures fully comply with Cognizant ISO 27001 SoA, security laws, rules and regulations.
  • Engage with different stakeholders: external auditors, customer visitors, business leaders and corporate teams, such as HR, legal, IT, etc.
  • Conduct reviews to assess the service delivery control environment and evaluate adherence to client identified contractual requirements, Cognizant policies and standards.
  • PCI-DSS related activities including the identification of compliance gaps, the development of remediation plans, scan, PCI certification, documentation, monitoring compliance status, and ultimate attestation of compliance.
  • Support business team during deal pursuit:
    Communicate and discuss with customer security team and understand security requirements
    Create security solutions and negotiate for security contract
    Review solutions to determine compliance with customer security requirement
    Define the control framework in accordance with the customer requirement
    Compliance monitoring
    Handholding to offshore and business team


  • Bachelor's degree in Computer Science or relevant field.
  • Security certifications such as CISA, CISSP, CISM, CRISC, CCSK, CIPP/IT, CIPP/E, etc.
  • Strong knowledge of GDPR and the EU Data Protection Directive, PCI security requirements, SSAE 18/ISAE 3402 and SOC 2 standards, rules and regulations.
  • Proven experience in information security and risk management field, especially with Technology Risk Management/IT Audit in Enterprise organizations.
  • Strong experience in understanding and deploying risk management and security frameworks such as NIST, ISF and ISO.
  • Experience of SSAE/ISAE, SOC 2 and PCI-DSS, assessment and control implementation; ISMS implementation.
  • In-depth understanding of network and system security technology and practices across all major computing areas (Network, Firewalls, Client Server, PC/LAN, telephony) with a special emphasis on Internet-related technology.
  • Understanding of DLP and eDiscovery tools as well as mapping Data Flows and processes.
  • Experience with ISO 27001 Information Security Management System, risk assessments, evaluation of results/findings, and IT GRC (Governance, Risk and Compliance) tools.

Personal Characteristics:

  • Ability to think strategically; work with a sense of urgency and pay attention to detail.
  • Ability to present complex solutions and methods to a general community.
  • Independent thinking, willingness to "step outside the box" and take reasonable, calculated risks.
  • Excellent written and verbal communication and organizational skills, fluency in English.
  • Strong collaboration skills and willingness to be a team player to solve problems and incorporate input from various sources.

We offer:

  • Opportunity to be part of a rapidly expanding global organization.
  • Open and colourful workplace with multicultural community.
  • Opportunity to grow both professionally and personally.
  • Inspiring working atmosphere and many engaging activities.
