Security Compliance Engineer
Listed on 2026-03-01
IT/Tech
Cybersecurity, Information Security
About Cognizant Corporate
Cognizant Corporate is a global community united by a shared purpose: to make a meaningful impact. We are committed to excellence and driven by outcomes that matter. Collaboration is at the heart of how we work, and our forward‑thinking mindset fuels continuous learning, innovation, and growth.
At Cognizant, careers transcend titles. We empower our people to think strategically, inspire others, and lead with purpose – always guided by our core values. Join us in shaping the future of business. Could you be the one to make a difference?
Role Summary
Belcan’s Governance, Risk & Compliance (GRC) team ensures compliance with regulatory and contractual requirements across our operations. The GRC Engineer supports the implementation and validation of security and compliance controls, manages risk assessments, and maintains audit‑ready evidence, illustrating alignment to frameworks such as NIST SP 800‑171 and CMMC Level 2. This role works closely with technical teams and business stakeholders to monitor compliance, address gaps, and improve processes that reduce risk and maintain certification (or recertification) readiness.
Support implementation and validation of accuracy and completeness of security and compliance controls aligned to NIST SP 800‑171 and CMMC Level 2. Ensure evidence is adequate, sufficient, and audit‑ready.
Collaborate with service owners to conduct risk assessments, documenting findings, residual risk, and mitigation plans. Track remediation progress through closure in the risk register (ServiceNow).
Audit & Assessment Readiness
Prepare artifacts and coordinate walkthroughs/interviews for internal/external audits. Drive gap remediation with owners and prevent recurrence.
Policy, Standards & Procedures
Contribute to policy creation, review, and revision sessions which outline operational compliance and practicality. Support the creation, assignment, and completion tracking of role‑based training and security awareness (e.g., Phishing Campaigns).
Automation & Reporting
Develop and maintain reporting workflows to track compliance status, risk metrics, and remediation progress. Contribute towards providing leadership with clear visibility into compliance posture through structured reporting. Continuously identify opportunities to improve efficiency through process enhancements or technology solutions.
Cross‑Functional Collaboration
Partner with various teams such as Security, IT, Infrastructure, PMO, and Facilities to translate compliance requirements into actionable tasks and embed them into processes and procedures.
Site Audits (Occasional)
Participate in on‑site/virtual site audits at other Belcan locations to verify compliance is being maintained.
Minimum Qualifications
- 3 years or more of professional experience in Governance, Risk & Compliance, security operations or engineering, IT administration/infrastructure, or a closely related discipline.
- Working knowledge and understanding of NIST SP 800‑171 and CMMC Level 2; familiarity with CIS Controls and ISO 27001 concepts.
- Hands‑on experience with control validation and the evidence lifecycle (collection, verification, retention).
- Strong documentation and communication skills; ability to collaborate and drive remediation across cross‑functional teams.
- Experience using enterprise security and IT operational platforms, including:
  - IT service management (ITSM) / ticketing systems for risk/issue tracking and workflow management.
  - Vulnerability management scanners for asset discovery, risk scoring, and remediation tracking.
  - Endpoint detection and response (EDR) / endpoint security suites for posture monitoring and control evidence capturing.
  - Security information and event management (SIEM) / log analytics for centralized logging, monitoring, and reporting.
  - Security awareness & phishing training platforms for campaign management and compliance reporting.
  - Risk registers / compliance repositories for control mapping, status tracking, and management.
- Comfort coordinating on technical documentation and proof points (e.g., configuration baselines,…