Cognizant Governance, Risk, and Compliance Engineer in Blue Ash, Ohio

About Cognizant Corporate

Cognizant Corporate is a global community united by a shared purpose: to make a meaningful impact. We are committed to excellence and driven by outcomes that matter. Collaboration is at the heart of how we work, and our forward-thinking mindset fuels continuous learning, innovation, and growth.

At Cognizant, careers transcend titles. We empower our people to think strategically, inspire others, and lead with purpose – always guided by our core values. Join us in shaping the future of business. Could you be the one to make a difference?

Role Summary

Belcan’s Governance, Risk & Compliance (GRC) team ensures compliance with regulatory and contractual requirements across our operations. The GRC Engineer supports the implementation and validation of security and compliance controls, manages risk assessments, and maintains audit‑ready evidence, illustrating alignment to frameworks such as NIST SP 800‑171 and CMMC Level 2. This role works closely with technical teams and business stakeholders to monitor compliance, address gaps, and improve processes that reduce risk and maintain certification (or recertification) readiness.

Key Responsibilities

Control Validation & Traceability

Support implementation and validation of accuracy and completeness of security and compliance controls aligned to NIST SP 800‑171 and CMMC Level 2. Ensure evidence is adequate, sufficient, and audit‑ready.

Risk Assessment & Remediation

Collaborate with service owners to conduct risk assessments, documenting findings, residual risk, and mitigation plans. Track remediation progress through closure in the risk register (ServiceNow).

Audit & Assessment Readiness

Prepare artifacts and coordinate walkthroughs/interviews for internal/external audits. Drive gap remediation with owners and prevent recurrence.

Policy, Standards & Procedures

Contribute to policy creation, review, and revision sessions that outline operational compliance and practicality. Support the creation, assignment, and completion tracking of role‑based training and security awareness (e.g., Phishing Campaigns).

Automation & Reporting

Develop and maintain reporting workflows to track compliance status, risk metrics, and remediation progress. Contribute towards providing leadership with clear visibility into compliance posture through structured reporting. Continuously identify opportunities to improve efficiency through process enhancements or technology solutions.

Cross Functional Collaboration

Partner with various teams such as Security, IT, Infrastructure, PMO, and Facilities to translate compliance requirements into actionable tasks and embed them into processes and procedures.

Site Audits (Occasional)

Participate in on-site/virtual site audits at other Belcan locations to verify compliance is being maintained.

Minimum Qualifications

· 3 years or more of professional experience in Governance, Risk & Compliance, security operations or engineering, IT administration/infrastructure, or a closely related discipline.

· Working knowledge and understanding of NIST SP 800‑171 and CMMC Level 2; familiarity with CIS Controls and ISO 27001 concepts.

· Hands‑on experience with control validation and the evidence lifecycle (collection, verification, retention).

· Strong documentation and communication skills; ability to collaborate and drive remediation across cross‑functional teams.

· Experience using enterprise security and IT operational platforms, including:

o IT service management (ITSM) / ticketing systems for risk/issue tracking and workflow management.

o Vulnerability management scanners for asset discovery, risk scoring, and remediation tracking.

o Endpoint detection and response (EDR) / endpoint security suites for posture monitoring and control evidence capturing.

o Security information and event management (SIEM) / log analytics for centralized logging, monitoring, and reporting.

o Security awareness & phishing training platforms for campaign management and compliance reporting.

o Risk registers / compliance repositories for control mapping, status tracking, and management.

· Comfort coordinating on technical documentation and proof points (e.g., configuration baselines, logs/monitoring, vulnerability reports, access control reviews).

Preferred Qualifications (Flexible)

· Experience supporting assessments or audits in defense industrial base/regulated environments.

· Scripting/automation skills (Python/PowerShell); dashboard/reporting (Power BI or equivalent).

· Certifications (preferred, not required): Security+, CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CCP (CMMC Certified Professional).

Work model

We believe hybrid work is the way forward as we strive to provide flexibility wherever possible. Based on this role’s business requirements, this is a hybrid position requiring 3 days a week in a client or Cognizant office in Blue Ash, Ohio. Regardless of your working arrangement, we are here to support a healthy work-life balance through our various wellbeing programs.

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured, we will always be clear about role expectations.

We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.

Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.
