Cyber Risk Analyst

About The Position

Requirements

• Bachelor's degree in any engineering discipline.
• At least 3 years of experience in cyber governance, risk and compliance domain.
• Experience in implementing security controls and processes across business functions adhering to NIST CSF, ISO 27001 standards.
• Practical experience into at least 70% of the above-mentioned responsibilities.
• Exposure to industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR/DPDP etc.).
• Good communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders.

Nice To Haves

• Security certifications such as CISA, ISO 27001 Lead Implementer / Lead Auditor is preferred.
• AI‑governance or AI‑risk credentials such as ISO/IEC 42001 training, NIST AI RMF Architect/Lead Implementer, or recognized AI Security & Governance certifications is a strong plus.

Responsibilities

• Plan and execute internal cyber security audits and control reviews across applications, infrastructure, and business processes. Document findings, assess risk and impact, and track remediation through closure with respective teams.
• Conduct security due diligence for vendors and third parties: review security questionnaires, certifications, and technical controls to ensure they meet organizational requirements. Identify and track vendor risks, recommend mitigation measures, and support contractual security requirements where needed.
• Work with stakeholders to maintain and test business continuity and disaster recovery (BCP/DR) plans. Plan, coordinate, and document tabletop exercises and technical BCP/DR drills, track and follow up on corrective actions.
• Maintain up‑to‑date security policies, standards, procedures, and guidelines, ensuring alignment with NIST CSF, ISO 27001, and relevant regulations. Prepare regular reports and dashboards on audit findings, risk status, BCP drill outcomes, vendor risk posture, and ISMS/NIST CSF progress for management. Maintain and update the cyber risk register, working with control owners and business stakeholders to identify, assess, and prioritize risks. Perform risk assessments (likelihood/impact), propose risk treatment options (mitigate, accept, transfer, avoid), and track treatment plans to closure.
• Develop and deliver cyber security awareness sessions and targeted training for employees, including phishing awareness, secure handling of data, and role‑based security topics. Create clear, engaging communication materials (presentations, FAQs, quick guides) to improve security culture.

Benefits

• Professional growth in a dynamic, rapidly expanding, high-social-impact industry
• An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet.
• A truly multicultural experience: You will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds.
• Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.