Information Security Risk Analyst

Information Security Risk Analyst

We are seeking a skilled Information Security Risk Analyst to support our global cybersecurity and risk management function. This role involves conducting risk assessments, maintaining the security risk register, and ensuring alignment with organizational risk appetite, business objectives, and regulatory requirements.

You will work closely with stakeholders across the business to strengthen the organization’s security posture and promote a risk-aware culture.

Key Responsibilities

• Perform information security risk assessments across systems, applications, and business processes
• Maintain and update the Information Security Risk Register
• Monitor, track, and report Key Risk Indicators (KRIs)
• Escalate risks in a timely manner based on defined thresholds
• Identify, assess, and manage exceptions to Information Security Policies
• Support the end-to-end cybersecurity risk lifecycle (identify, assess, mitigate, monitor)
• Prepare risk reports and dashboards for management and stakeholders
• Ensure compliance with internal policies and regulatory requirements
• Collaborate with cross-functional teams to promote a risk-aware culture

Required Skills & Experience

• Strong understanding of information security frameworks (e.g., ISO 27001, NIST)
• Experience with risk assessment methodologies and tools
• Knowledge of cybersecurity controls, threats, and vulnerabilities
• Ability to interpret and report on risk metrics (KRIs/KPIs)
• Strong analytical and problem-solving skills
• Excellent communication and stakeholder management
• Bachelor’s degree in Cybersecurity, IT, or related field
• Certifications such as CISSP, CISM, or CRISC
• Experience in regulated or global environments