Job Description
Governance, Risk, and Compliance Engineer Cognizant - 3.8 Blue Ash, OH Job Details Full-time 1 day ago Qualifications CMMC IT service management Governance, risk, and compliance (GRC) software IT governance planning Vulnerability management
ISO 27001 IT
risk management Full Job Description About Cognizant Cognizant is one of the world's leading professional services companies, helping clients modernize technology, reimagine processes, and manage risk in complex and highly regulated environments. Cognizant supports secure, compliant, and resilient operations across industries. Role Summary The Governance, Risk, and Compliance (GRC) Engineer supports the implementation, validation, and continuous monitoring of security and compliance controls across the organization. This role ensures alignment with regulatory and contractual requirements and maintains audit readiness against frameworks such as NIST SP 800
‑171 and CMMC Level 2. The GRC Engineer works closely with technology teams and business stakeholders to assess risk, remediate gaps, and improve compliance processes. Key Responsibilities Support the implementation and validation of security and compliance controls aligned with NIST SP 800
‑171 and CMMC Level 2. Ensure compliance evidence is accurate, complete, and audit‑ready. Collaborate with service owners to conduct risk assessments, document findings, and track remediation activities through closure. Maintain and update risk registers, including residual risk and mitigation plans. Prepare audit artifacts and coordinate walkthroughs and interviews for internal and external audits. Drive remediation efforts with control owners and support prevention of recurring audit findings. Contribute to the creation, review, and revision of security and compliance policies. Support role‑based security training, awareness activities, and phishing campaigns. Develop and maintain reporting workflows to track compliance status, risk metrics, and remediation progress. Partner with cross‑functional teams to translate compliance requirements into operational processes. Participate in onsite or virtual audits as required to verify ongoing compliance. Required Qualifications 3-7 years of experience in governance, risk, compliance, information security, or a related field. Experience supporting compliance initiatives aligned with NIST SP 800
‑171 and CMMC Level 2. Working knowledge of vulnerability management and risk management practices. Experience with governance, risk, and compliance platforms and IT service management tools. Familiarity with ISO 27001 and information security awareness programs. Strong documentation, organizational, and communication skills. Preferred Qualifications Security or compliance certifications such as Security+, CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CCP, or CMMC Certified Professional. Experience maintaining audit‑ready evidence and supporting remediation activities across multiple teams. Work Model We believe hybrid work is the way forward as we strive to provide flexibility wherever possible. Based on this role's business requirements, this is a hybrid position requiring 3 days a week in our office in Blue Ash, Ohio. Regardless of your working arrangement, we are here to support a healthy work-life balance though our various wellbeing programs. The working arrangements for this role are accurate as of the date of posting. This may change based on the project you're engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations. We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role. Legal & Work Authorization Candidates must be legally authorized to work in the United States. Employment eligibility verification will be required at the time of hire.
