
Cyber Risk Analyst
Posted 6 days ago

This is a fully remote position, open to applicants in India.
• Develop and implement internal cyber security audits and control assessments across applications, infrastructure, and business operations.
• Record observations, evaluate risks and impacts, and monitor remediation until completion with relevant teams.
• Conduct security assessments for vendors and third-party entities: analyze security questionnaires, certifications, and technical measures to confirm they align with organizational standards.
• Identify and monitor vendor-related risks, suggest mitigation strategies, and assist with contractual security obligations as necessary.
• Collaborate with stakeholders to uphold and test business continuity and disaster recovery (BCP/DR) strategies.
• Organize, coordinate, and document tabletop simulations and technical BCP/DR drills, ensuring corrective actions are tracked and followed up on.
• Keep security policies, standards, protocols, and guidelines current, ensuring compliance with NIST CSF, ISO 27001, and pertinent regulations.
• Create regular reports and dashboards detailing audit results, risk status, BCP drill outcomes, vendor risk assessments, and ISMS/NIST CSF progress for management review.
• Maintain and refresh the cyber risk register, collaborating with control owners and business stakeholders to identify, evaluate, and prioritize risks.
• Conduct risk evaluations (likelihood/impact), recommend risk treatment strategies (mitigate, accept, transfer, avoid), and monitor treatment plans until completion.
• Design and conduct cyber security awareness sessions and specialized training for employees, covering topics such as phishing awareness, secure data handling, and role-specific security issues.
• Develop engaging communication materials (presentations, FAQs, quick reference guides) to enhance the security culture.
• A bachelor's degree in any engineering field.
• Minimum of 3 years of experience in the cyber governance, risk, and compliance sector.
• Proven experience in implementing security controls and processes across business functions in line with NIST CSF and ISO 27001 standards.
• Practical involvement in at least 70% of the responsibilities outlined above.
• Familiarity with industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR/DPDP, etc.).
• Security certifications like CISA or ISO 27001 Lead Implementer / Lead Auditor are preferred.
• AI-governance or AI-risk qualifications such as ISO/IEC 42001 training, NIST AI RMF Architect/Lead Implementer, or recognized AI Security & Governance certifications are a significant advantage.
• Strong communication and interpersonal skills, with the ability to effectively engage with a diverse range of stakeholders.
• Opportunities for professional advancement in a dynamic, fast-growing industry with a high social impact.
• An open and collaborative culture comprised of passionate colleagues motivated by the challenge of innovation to create significant effects on people and the planet.
• A genuine multicultural experience: You will have the opportunity to collaborate with and learn from individuals of various geographies, nationalities, and backgrounds.
• Structured, customized learning and development programs aimed at enhancing your leadership, management, and professional skills through the Sun King Center for Leadership.