Risk Assessment and Management Senior Analyst

What You Can Expect

The Senior Risk Assessment & Management Analyst supports global enterprise cyber and technology risk programs by independently executing complex risk assessments, maintaining risk data quality, and providing actionable risk insights to global stakeholders. This role operates with limited supervision and serves as a subject matter expert for risk methodology and assessment execution within the Bangalore GCC.

Work Location: Bangalore
Work Mode: Hybrid (3 Days in office)

How You'll Create Impact

• Lead execution of enterprise cyber and technology risk assessments aligned to NIST CSF, ISO 27001, and internal risk frameworks.
• Perform inherent and residual risk analysis, control effectiveness assessments, and risk scoring.
• Maintain and update the enterprise risk register, ensuring accuracy, consistency, and timely remediation tracking.
• Conduct third-party, cloud, and application risk assessments in coordination with global security teams.
• Support business impact analyses (BIA) and risk scenario modeling.
• Prepare executive-ready risk reports, dashboards, and summaries for global leadership.
• Partner with Internal Audit and Compliance on control testing, evidence collection, and remediation validation.
• Identify risk trends and emerging threats and escalate insights to management.
• Mentor Risk Analysts and support onboarding and knowledge transfer within the GCC.

What Makes You Stand Out

Technical Skills:

• Experience: 5+ years in GRC/Risk Management
• Core Competency: Strong experience in end-to-end Vendor/Third-Party Risk Assessment (TPRM).
• Tools: Proficiency in configuring/operating workflows in any GRC platform (ServiceNow is preferred/ Archer/ One Trust).
• Frameworks: Experience with ISO 27001 (critical as org is migrating) and NIST Cybersecurity Framework (CSF).
• Technical/Audit: Ability to interpret SOC 1/SOC 2 reports and identify control gaps; experience supporting SOX/HIPAA audits.
• Reporting: High proficiency in Excel for reporting and analytics.

Soft Skills:

• Ability to translate complex technical risks into business language for stakeholders.
• Strong Communication skills

Your Background

Educational Qualification & Experience

• Bachelor’s degree in Information Security, Risk Management, IT, or related field.
• 5+ years of experience in cybersecurity risk, IT risk, or GRC.
• Demonstrated experience supporting global enterprise risk programs.
• Strong analytical, documentation, and stakeholder communication skills.
• Ability to work independently and manage multiple concurrent assessments.

Technologies & Tools

• GRC Platforms: ServiceNow GRC, Archer, OneTrust
• Risk Frameworks: NIST CSF, ISO 27001, COBIT
• Third-Party Risk: SecurityScorecard, BitSight, OneTrust TPRM
• Cloud Risk & Posture: AWS Security Hub, Azure Security Center
• Reporting & Analytics: Power BI, Tableau, Excel
• Collaboration & Workflow: Jira, Confluence, MS Teams

Preferred Certifications

• CRISC, CISM, ISO 27001 Lead Implementer or Lead Auditor, CISSP (or in progress)