Governance, Risk, and Compliance Engineer

Cognizant is seeking a Governance, Risk, and Compliance (GRC) Engineer to join their team in Blue Ash, Ohio. As a leading professional services company, Cognizant assists clients in modernizing technology, reimagining processes, and managing risks in complex and highly regulated environments. The GRC Engineer will play a pivotal role in ensuring the organization's security and compliance controls align with regulatory and contractual requirements, maintaining audit readiness against frameworks such as NIST SP 800-171 and CMMC Level 2.

In this role, the GRC Engineer will support the implementation, validation, and continuous monitoring of security and compliance controls across the organization. Key responsibilities include collaborating with service owners to conduct risk assessments, documenting findings, and tracking remediation activities through closure. The engineer will also maintain and update risk registers, prepare audit artifacts, coordinate walkthroughs and interviews for internal and external audits, and contribute to the creation, review, and revision of security and compliance policies. Additionally, the role involves supporting role-based security training, awareness activities, and phishing campaigns, as well as developing and maintaining reporting workflows to track compliance status, risk metrics, and remediation progress.

Candidates should have at least 3 years of experience in governance, risk, compliance, information security, or a related field. Experience supporting compliance initiatives aligned with NIST SP 800-171 and CMMC Level 2 is essential. A working knowledge of vulnerability management and risk management practices is required, along with experience with governance, risk, and compliance platforms and IT service management tools. Familiarity with ISO 27001 and information security awareness programs is also important. Strong documentation, organizational, and communication skills are necessary for effective collaboration and reporting.

Preferred qualifications include security or compliance certifications such as Security+, CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, CCP, or CMMC Certified Professional. Experience maintaining audit-ready evidence and supporting remediation activities across multiple teams is also advantageous. The position is hybrid, requiring three days a week in the Blue Ash, Ohio office, with the remaining days potentially remote, depending on business requirements. Cognizant offers a comprehensive benefits program designed to support employees' financial, physical, and mental well-being, including retirement plans, healthcare options, and wellness programs.

Cognizant fosters a collaborative and inclusive workplace where employees are encouraged to think strategically, inspire others, and lead with purpose. The company is committed to continuous learning, innovation, and growth, providing opportunities for career advancement and professional development. Joining Cognizant means becoming part of a global community dedicated to making a meaningful impact and shaping the future of business.