As a Cyber and Third-Party Risk Analyst, you will be responsible for identifying, analyzing, and mitigating IT-related risks. This role is critical for ensuring that risk controls are in place, policies are adhered to, and security standards are met across the organization. You will work closely with various departments to develop risk management frameworks, perform assessments, and support regulatory compliance efforts. This position requires working a second-shift schedule, from 2:00 PM to 11:00 PM IST.
Roles & Responsibilities
- Risk Identification & Assessment: Conduct risk assessments to identify vulnerabilities in IT systems, processes, and policies. You will also assist in identifying and evaluating risks associated with third-party vendors and maintain the IT risk register.
- Risk Mitigation & Monitoring: Recommend and implement risk mitigation strategies and controls across the IT infrastructure. You will collaborate with cybersecurity and business teams to track and resolve identified risks and vulnerabilities, and you will monitor and report on the effectiveness of existing controls.
- Compliance & Regulatory Support: Ensure compliance with industry standards and regulatory requirements (GDPR, SOX, PCI-DSS, NIST). You will assist in preparing for internal and external audits by providing documentation and evidence of IT risk management practices.
- Vendor Risk Management: Conduct vendor risk assessments, ensuring that third-party services and products align with internal risk and security policies. You will regularly review vendor performance and risk exposure, working with procurement and legal teams as needed.
Qualifications
- A Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field.
- 2-4 years of experience in IT risk management, IT auditing, or information security.
- Hands-on experience with risk management tools and frameworks (ISO 27001, NIST, COBIT).
- Certifications such as CRISC, CISA, or CISSP are highly desirable.
- A strong understanding of IT infrastructure, security best practices, and the ability to assess and interpret security-related clauses in third-party contracts.
- Familiarity with regulatory frameworks and compliance standards is essential.
Soft Skills
- Analytical & Problem-Solving: Excellent analytical, troubleshooting, and problem-solving skills, with the ability to communicate complex risk concepts to non-technical stakeholders.
- Communication: Strong verbal and written communication skills and the ability to work effectively with global, virtual teams.
- Initiative & Teamwork: A high degree of initiative, self-motivation, and a team-oriented mindset.
- Organization: The ability to manage multiple priorities successfully.
