Supplier Risk and Compliance Analyst

Are you ready for a new beginning?

We need your talent, knowledge and dedication to better our world with biology.

Our purpose points the way

In Novonesis, we know that solutions rooted in biology can help solve humanity’s biggest challenges. Since we began more than a century ago, this has been our guide. It’s how we've gotten so far. And it’s how we'll impact the future. Now, more than ever, the world needs change. And with biosolutions, the possibilities for transformation are endless.

We’re here to better our world with biology.

Supplier Risk and Compliance Analyst, driving third-party cyber security risk management agenda in global procurement.

Join us as our new Supplier Risk and Compliance Analyst, based out of Bengaluru, driving our third-party cyber security risk management agenda in global procurement.

In today’s interconnected world, cyber security is no longer optional; it’s a critical pillar for business resilience and trust. The EU’s NIS2 Directive (Network and Information Security Directive 2) sets a new benchmark for strengthening security across essential sectors, ensuring robust risk management and compliance.

At Novonesis global procurement, we are looking for an operationally strong ‘Supplier Risk and Compliance Analyst’ who will play a key role in driving NIS2 compliance within our supply chain. This is an exciting opportunity to combine procurement risk management and compliance expertise with cutting-edge cyber security requirements, helping us safeguard operations and partners against evolving digital threats.

The role will own the day-to-day execution of supplier cyber security risk management measures including issuing and reviewing questionnaires, coordinating with internal stakeholders and suppliers, tracking remediation, and maintaining clear dashboards and KPIs to inform decision-making and enable compliant supplier onboarding and continuity.

Welcome to Global Procurement

As part of the Global procurement team based out of Bengaluru, you will be part of implementing procurement’s cyber security risk resilience agenda.

You will be part of the procurement sustainability team, responsible for driving supply chain decarbonization and responsible sourcing agenda at Novonesis global procurement, including supplier ESG and cyber security risk management. Within the team, this role will be responsible for executing and tracking the supplier cyber security risk management activities, in alignment with the NIS2 directive (Network and Information Security Directive 2). You will be working in close cooperation with colleagues in procurement as well as the cyber security team.

As the role is placed in the procurement sustainability team, there will be opportunities for this role in future to take on ESG risk and compliance topics.

In this role you’ll make an impact by:

1) Driving Cyber Security Risk Management (Primary focus)

  • Issue, track, and analyze supplier cyber security questionnaires

  • Coordinate with IT Security and Procurement to define remediation actions and timelines.

  • Maintain a centralized risk register, supplier tiering, exception logs, and remediation trackers.

  • Support due diligence for new supplier onboarding, renewals, and material changes (scope changes, incidents).

  • Escalate high/critical risks; support contractual clauses with category managers and legal.

2) KPI Tracking, Reporting & Tools

  • Define, track, and report KPIs across cyber security

  • Prepare and run steering updates, present risks, trends, and supplier segmentation insights

  • Maintain accurate data and build Power BI/Excel dashboards for operational visibility.

  • Support audits and evidence requests; ensure data integrity and audit-readiness.

3) Stakeholder Engagement & Governance

  • Act as a liaison between Procurement, IT Security, Sustainability, Legal, and Business Units.

  • Provide clear communication with suppliers: purpose, expectations, timelines, follow-ups, and closure criteria.

  • Contribute to policy, standard operating procedures, and training for category managers and requestors.

4) Potentially support sustainability & ESG compliance (secondary focus for future)

  • Partner with the Procurement Sustainability colleagues to harmonize questionnaires, leverage third-party ratings, and align KPIs.

  • Maintain a centralized risk register, supplier tiering, exception logs, and remediation trackers

To succeed you must hold:

  • 2–4 years in procurement risk, third-party risk management, supplier compliance, cyber security or related operations.

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, supply chain, business or related field; with relevant experience considered

  • Hands-on experience with questionnaires, evidence reviews, and risk scoring.

  • Strong Excel/Power BI skills; comfortable building tracker dashboards and status reports.

  • Excellent written and verbal communication; confident managing supplier follow-ups and stakeholder updates.

  • Solid understanding of cyber security basics (e.g., access controls, encryption, incident response, vulnerability management, data protection)

  • Experience with SRM/TPRM platforms

  • Collaborative, curious, entrepreneurial mindset and a positive can-do attitude

  • Strong problem-solving skills and a structured way of working

  • Strong ability to translate complex problems into simple(r) concepts and communicate effectively

It will be advantageous (but not necessary) if you additionally have

  • Familiarity with ISO 27001, NIST CSF, SOC 2, GDPR/privacy concepts

  • Experience in performing risk screening and security assessments.

  • Background in contracting for risk clauses and DPAs with Legal.

  • Background in ESG risk assessments

Could our purpose be yours? Then apply today!

At Novonesis we commit to an inclusive recruitment process and equality of opportunity for all our job applicants. We recommend you not to attach a cover letter to your application. Instead, please include a few sentences in your resume/CV about why you are applying. To ensure a fair recruitment process, please refrain from adding a photo in your resume/CV.

Novonesis is dedicated to fostering a unique community by embracing and respecting differences. We make all employment decisions based on business needs, ensuring that every individual can thrive, regardless of identity or background such as ethnicity, religion, gender, sexual orientation, age, disability, or veteran status.

Want to learn more?
Learn more about Novonesis, our purpose, and your career opportunities at novonesis.com

Not the right fit for you?
Even if this job isn't the right fit for you, perhaps you know someone who might find it interesting. If so, please feel free to share the job link and encourage them to apply. Thank you for your referral! Please check out our other open positions. The right fit for you could just be a few clicks away.

Stay alert: Avoid recruitment scams
At Novonesis, we are committed to maintaining a safe and transparent recruitment process. Please be aware of potential scams targeting job seekers and take note of the following:

  • Novonesis will never ask for sensitive personal information, such as bank account details, Social Security numbers, or passwords, at any stage of the hiring process.
  • Novonesis does not make employment offers without conducting interviews with candidates.

If you receive suspicious communication claiming to be from Novonesis, please do not share any personal or financial information. We encourage you to verify the legitimacy of the message by contacting us directly through our official channels.
