Third-Party Security and Risk Management Analyst
Location - Bangalore
Experience - 5-7 Years
Salary - Up to 28 LPA
Must Have:
- third-party risk management
- maintaining cybersecurity policies
- risk methodologies
- Agricultural equipment
- IT services
Responsibilities:
- Follow defined policies, standards, and procedures for NIST Cybersecurity Framework (CSF), ISO 21434, etc. to complete third-party risk assessments
- Identify improvements in policies, standards, and procedures related to third-party risk assessments
- Assist in developing threat models appropriate for third-party risk assessments
- Innovate, research, and assist in leading risk analysis efforts across various project teams, following a standard threat analysis and risk assessment model
- Conduct regularly defined risk register reviews, following up with project leads on identified risks and next steps, escalating areas of high risk appropriately
- Assist in defining the annual program calendar for all GRC activities, including compliance audits, risk reviews, and general assessments
- Maintain clear reporting and documentation across projects to aid decision-making, tracking, and KPI/KRI development
- Lead the development of standards and control checks to determine various team and project compliance with policies and standards
Qualifications & Competencies:
- Bachelor's degree or minimum of 5+ years industry experience in an information technology or GRC role
- Experience developing or maintaining cybersecurity policies or risk management frameworks
- Experience with third-party risk management
- Willingness to clearly raise risks
- Strong written and verbal communication skills with a collaborative mindset
- Familiarity with NIST Cybersecurity Framework, ISO standards, or other common benchmarks
- Experience with various risk methodologies (FAIR, NIST RMF, ISO 31000, Loss Exceedance Curves)
- Ability to evaluate cybersecurity risk and business value across a wide variety of scenarios
- Willingness to learn new technologies or methodologies quickly
- Comfortable working in a fast-paced, global organization with dispersed teams
Desired Qualifications:
- Experience working in an Agile, Scrum, or SAFe environment
- Appropriate cybersecurity or risk management certificates, including CRISC, CISSP, GTSRT, etc.
- Experience working with GRC tools, managing policy documentation, and/or actively assessing cybersecurity risk
- Familiarity with agriculture or manufacturing