Cybersecurity Risk Analyst

Risk Identification & Assessment 

• Evaluate internal systems and third-party vendors for potential cybersecurity risks. 
• Conduct formal risk assessments, threat modeling, and vulnerability analysis across infrastructure, applications, and operations.

Risk Mitigation & Recommendations 

• Collaborate with IT and security teams to recommend and track risk remediation activities. 
• Develop risk treatment plans and ensure timely mitigation or acceptance of risks.

Security Governance & Compliance 

• Support implementation and monitoring of frameworks such as NIST, ISO 27001, CIS Controls, or SOC 2. 
• Ensure alignment with regulatory standards (e.g., CCPA, GDPR, PCI-DSS, SOX).

IT Audit & Reporting 

• Assist with internal and external audits, including evidence collection and control testing. 
• Prepare detailed risk reports and dashboards for stakeholders and executive leadership.

Continuous Improvement 

• Stay updated with emerging cybersecurity threats, trends, and technologies. 
• Recommend improvements to cybersecurity policies, procedures, and awareness programs.

• Bachelor's degree in Information Security, Computer Science, Risk Management, or related field. 
• 5+ years of experience in cybersecurity, IT risk management, or information assurance. 
• Strong knowledge of cybersecurity concepts, technologies, and frameworks. 
• Experience with risk assessment methodologies and tools. 
• Familiarity with compliance requirements (e.g., ISO 27001, NIST, SOC 2, SOX, GDPR, CCPA). 
• Excellent written and verbal communication skills, with the ability to convey risk concepts to both technical and non-technical audiences.
• Professional certifications such as one the following are a top priority: CompTIA Security+, SSCP, GSEC, CISSP, CCSP, CGEIT, or ISO/IEC 27001 Lead Auditor
• Experience with GRC platforms (e.g., Workiva, Drata, TrustCloud, A-SCEND). 
• Exposure to cloud security (IBM, AWS, Azure, GCP) and third-party risk management.
• Experience at a top 20 India CPA firm or India MSP