Cybersecurity Risk Analyst

Role & responsibilities

We are seeking a detail-oriented and analytical Cybersecurity Risk Analyst to join our growing security team. This individual will play a critical role in identifying, assessing, and mitigating cybersecurity risks across the organization. You will work closely with IT, compliance, audit, and business units to ensure the security and integrity of our information systems and support strategic efforts to enhance our cybersecurity posture.

Essential Job Functions:

• Risk Identification & Assessment

Evaluate internal systems and third-party vendors for potential cybersecurity risks.

Conduct formal risk assessments, threat modeling, and vulnerability analysis across infrastructure, applications, and operations.

• Risk Mitigation & Recommendations

Collaborate with IT and security teams to recommend and track risk remediation activities.

Develop risk treatment plans and ensure timely mitigation or acceptance of risks.

• Security Governance & Compliance

Support implementation and monitoring of frameworks such as NIST, ISO 27001, CIS Controls, or SOC 2.

Ensure alignment with regulatory standards (e.g., CCPA, GDPR, PCI-DSS, SOX).

• IT Audit & Reporting

Assist with internal and external audits, including evidence collection and control testing.

Prepare detailed risk reports and dashboards for stakeholders and executive leadership.

• Continuous Improvement

Stay updated with emerging cybersecurity threats, trends, and technologies.

Recommend improvements to cybersecurity policies, procedures, and awareness programs.

Preferred candidate profile

• Bachelor's degree in Information Security, Computer Science, Risk Management, or related field.
• 5+ years of experience in cybersecurity, IT risk management, or information assurance.
• Strong knowledge of cybersecurity concepts, technologies, and frameworks.
• Experience with risk assessment methodologies and tools.
• Familiarity with compliance requirements (e.g., ISO 27001, NIST, SOC 2, SOX, GDPR, CCPA).
• Excellent written and verbal communication skills, with the ability to convey risk concepts to both technical and non-technical audiences.
• Professional certifications such as one of the following are a top priority: CompTIA Security+, SSCP, GSEC, CISSP, CCSP, CGEIT, or ISO/IEC 27001 Lead Auditor
• Experience with GRC platforms (e.g., Workiva, Drata, TrustCloud, A-SCEND).
• Exposure to cloud security (IBM, AWS, Azure, GCP) and third-party risk management.
• Experience at a top 20 India CPA firm or India MSP.
• Availability to work during US hours till 1:30 pm ET zone of the US is essential for this role.
• Candidates must have their own system/work setup for remote work.