Cyber Security Analyst

We're looking for a Senior Cyber Security Analyst with Minimum 10 years into GRC.

Job Description

• Lead Cyber Governance & Risk Management - Develop, maintain, and enhance cybersecurity governance, risk, and compliance (GRC) frameworks aligned with organizational risk appetite, regulatory obligations, and industry standards such as ISO 27001, NIST, COBIT, Essential Eight, PCI-DSS, and relevant cyber regulations. Based on responsibilities involving framework deployment and risk profile management.

Conduct Cyber Risk Assessments & Gap Analysis -- Perform security risk assessments, control reviews, and maturity/gap analyses for systems, projects, cloud environments, applications, and technology initiatives to identify vulnerabilities, prioritize risks, and recommend remediation strategies.

Drive Security Compliance & Audit Readiness - Lead and support internal and external cyber audits, including ISO 27001, ITGC, NIST, Essential Eight, PCI-DSS, and regulatory assessments by coordinating evidence collection, remediation tracking, and stakeholder engagement to ensure ongoing compliance.

• Develop Policies, Standards & Control Frameworks
• Design, review, and maintain cybersecurity policies, standards, SOPs, control libraries, and governance processes to support secure technology adoption and operational resilience across the enterprise.
• Control Assurance & Risk Remediation Oversight
• Perform control design and operating effectiveness testing (DE/OE), manage issue and exception lifecycles, track remediation plans, and oversee control uplift activities to reduce residual cyber risk.

Third-Party & Supplier Risk Management - Conduct cybersecurity due diligence, supplier risk assessments, and ongoing third-party assurance activities to ensure vendors meet security, privacy, and compliance requirements.

Risk Advisory for Technology & Change Initiatives - Provide cyber risk and governance advisory for strategic transformation initiatives including cloud, APIs, identity governance, infrastructure modernization, and enterprise technology programs to ensure secure-by-design outcomes.

Cyber Resilience, BCP & Incident Preparedness - Support cyber resilience, business continuity, and recovery initiatives by coordinating exercises, resilience testing, risk scenario assessments, and lessons-learned improvements to strengthen response capabilities.

Stakeholder Engagement & Executive Reporting - Collaborate with senior leadership, business stakeholders, technology teams, auditors, and risk owners to present cyber risk insights, governance updates, compliance status, and remediation progress through reports, dashboards, and governance forums.

Security Awareness & Risk Culture Enablement - Promote cyber awareness and strengthen organizational risk culture through workshops, training sessions, advisory support, and targeted communication to improve information security adoption and accountability.