Risk Assurance Analyst

The Senior Specialist, Technical Risk Assurance is responsible for leading security assessments, identifying vulnerabilities and ensuring the organizations IT infrastructure remains secure against evolving cyber threats. This role involves evaluating security risks, implementing control measures, and collaborating with IT and business units to enhance security frameworks.

Your key responsibilities

• Conduct and lead security assessments to evaluate the effectiveness of existing security controls and identify potential vulnerabilities.
• Provide recommendations on security improvements, integration requirements and emerging security needs.
• Analyze and report on information security risks, collaborating with IT teams, third-party vendors and business units to assess the impact of technology implementations.
• Assess security requirements for enterprise systems, networks, and applications, identifying and implementing technical security solutions.
• Develop best practices for risk assessments and data security procedures to ensure compliance with security standards.
• Identify security gaps, update security documentation and lead initiatives to enhance IT security measures.
• Validate the functionality of security controls, performing vulnerability analyses and risk assessments to ensure robust protection against threats.
• Evaluate IT acquisitions, infrastructure and development processes to ensure compliance with security policies and risk management frameworks.
• Lead security assessment planning, manage vendor relationships and oversee vulnerability mitigation processes.
• Monitor system access logs, identifying unauthorized access attempts or security anomalies that require immediate action.
• Implement security protocols for system backups and disaster recovery to ensure business continuity.
• Stay informed on emerging security trends, policies and best practices, providing expert consultation on security standards. Participate in special projects and perform other duties as assigned.

To qualify for the role,

• Minimum 10 years of experience in information security, risk management, or cybersecurity.
• Bachelors degree (B.E./B.Tech) in Computer Science, degree in Cybersecurity, Information Security, or Bachelor’s in Computer Applications (BCA), or Master’s in Computer Applications (MCA), or a related field.
• Expertise in vendor risk assessment frameworks, third-party security reviews, and compliance standards (e.g., SOC 2, ISO 27001).
• Familiarity with risk scoring methodologies, contract review, and regulatory requirements.
• Familiar with Archer and ServiceNow.
• Proficiency in secure coding, threat modeling, vulnerability assessments, penetration testing, application architecture review, and DevSecOps tools integration.
• Strong knowledge of OWASP standards, compliance, and risk management.
• Strong analytical and critical-thinking skills.
• Excellent interpersonal and communication abilities for vendor interactions.
• Highly organized, detail-oriented, and capable of managing multiple assessments simultaneously while maintaining objectivity and professionalism.
• Strong technical writing/documentation skills.
• CISM, CISSP Certification preferred.
• Knowledge of disaster recovery planning and business continuity strategies.