GRC Analyst

Job Title: GRC Analyst

Shift Timing- Rotational

Work mode- Remote, India

Role Overview:

Lead the end‑to‑end vulnerability management lifecycle—spanning discovery, analysis, reporting, remediation guidance, and closure—for Protera Technologies and its clients. This client‑facing role blends deep hands‑on expertise with vulnerability tooling (Nessus, Qualys, etc.) and clear, audience‑appropriate communication to executives, application owners, and engineers. You will design and deliver security reports and dashboards, drive remediation outcomes against SLAs, and strengthen compliance with frameworks such as NIST and PCI DSS.

Core Responsibilities:

·       Lifecycle Ownership: Manage the full vulnerability lifecycle from asset onboarding and scan configuration through triage, tracking, remediation coaching, and verified closure.

·       Standards & Compliance: Ensure alignment with applicable configuration and security standards (e.g., NIST, PCI DSS) and provide audit ready evidence.

·       Assessments & Reporting: Perform vulnerability and configuration assessments; deliver timely, accurate assessment reports tailored for technical and non‑technical stakeholders.

·       Dashboards & Data Visualization: Design, implement, and maintain dashboards and visualizations that demonstrate assessment coverage, risk posture, and remediation effectiveness for internal and client audiences.

Security Reporting:

·       Produce executive summaries, technical deep‑dives, and KPI packs (weekly/monthly/quarterly) for Protera Technologies clients.

·       Track and report SLA performance, exposure trends, MTTR, risk reduction, and exception/acceptance statuses.

·       Validate data quality across scanners and CMDB sources; reconcile false positives/duplicates; document scope and methodology.

·       Present findings in governance forums, QBRs, and remediation working sessions; capture actions and owners.

·       Process & Platform Enablement: Implement and refining processes, capabilities, and techniques for vulnerability management and security testing; drive ongoing platform maintenance and upgrades.

·       Threat Monitoring: Track vulnerability disclosures and threat intelligence; rapidly assess relevance, prioritize assets, and coordinate accelerated scans/mitigations.

·       Alerting & Communication: Communicate actionable alerts to internal and external teams regarding threats to network, application, and OS platforms for Protera Technologies and its clients.

·       Escalation & Guidance: Serve as an escalation point for scanning and testing issues; provide clear remediation guidance and compensating controls.

·       Risk & Compliance Support: Support risk assessments, control selection, and corrective action plans; assist with audit requests and evidence collection.

·       KPI/Metric Development: Define, implement, and continuously improve KPIs/OKRs and operational metrics related to vulnerability management and reporting.

·       Knowledge Management: Develop and maintain security writeups, standard operating procedures, runbooks, and client‑facing documentation.

·       Confidentiality: Maintain strict confidentiality and handle sensitive client data responsibly.

Required Experience & Skills:

·       7+ years in Vulnerability Assessment / Vulnerability Management.

·       Proficiency with vulnerability tools: Nessus, Qualys (plus experience with AppScan, Trustwave, Burp Suite, Nipper is a strong advantage).

·       Solid grasp of application security concepts and assessment methodologies.

·       Strong knowledge of core cybersecurity concepts (threats, vulnerabilities, risk, confidentiality/integrity/availability, cryptography).

·       Expertise with common frameworks and taxonomies: CVSS, OWASP Top 10.

·       Knowledge of system, application, and database hardening techniques and secure configuration benchmarks.

·       Strong understanding of Internet security and networking protocols.

·       Experience in cloud security (IaaS/PaaS/SaaS) and risks unique to cloud environments.

·       Ability to interface confidently with both technical and non‑technical stakeholders; proven client‑facing communication skills (written and verbal).

·       Demonstrated ability to work independently, meet schedules, and deliver to timelines in a distributed team environment.

·       Analytical mindset with the ability to identify, prioritize, and explain advanced threats and misconfigurations.

·       Strong security reporting acumen—turning scan data into clear narratives, visuals, and decisions for executives and engineers.

·       Availability outside of standard working hours for high‑priority events.

Nice to Have:

·       Scripting skills (Python, Perl, Shell/Bash) for automation, data wrangling, and integration.

·       Software development background or familiarity with SDLC/Develops practices.

·       Experience building reports/dashboards in BI or native security platforms (e.g., Qualys/Nessus dashboards, Power BI, Tableau).

·       Ability to collaborate across cultures/time zones; adaptable, detail‑oriented, and comfortable with changing priorities.

·       Positive, constructive approach with strong teamwork and stakeholder management.

Protera Technologies (www.protera.com) is an SAP Certified, Global Total IT Outsourcing Provider for SAP-centric organizations founded in the mid-1990s. We have been the SAP-on-cloud pioneer since running the world’s first SAP production instance on a public cloud. Today, we manage thousands of SAP and related IT workloads on Microsoft Azure, Google Cloud, and Amazon Web Services (AWS).

Headquartered in Chicago, IL, with offices in Athens, Greece, and Mumbai, India, Protera delivers world-class cloud hosting, application management, and professional services focused on total customer satisfaction.

For more information, visit www.protera.com.