Cyber Risk Analyst

Cyber Risk Analyst Department: Global Analytics and Technology Employment Type: Permanent - Full Time Location: India Description Job location: Remote in India About the role: We are looking for a Cyber Risk Analyst to strengthen our governance, risk, and compliance posture across the organization. In this role, the Cyber Risk Analyst will drive cyber security audits, vendor security reviews, business continuity (BCP/DR) drills, and security awareness initiatives, while supporting the implementation of frameworks such as NIST Cybersecurity Framework (CSF) and ISO 27001 ISMS. This role is ideal for someone who enjoys working cross‑functionally, can communicate clearly with both technical and non‑technical stakeholders, and is comfortable working remotely with high ownership and accountability. What you will be expected to do Cyber Security Audits & Assessments (30%) Plan and execute internal cyber security audits and control reviews across applications, infrastructure, and business processes. Document findings, assess risk and impact, and track remediation through closure with respective teams. Vendor and Third‑party Security Reviews (30%) Conduct security due diligence for vendors and third parties: review security questionnaires, certifications, and technical controls to ensure they meet organizational requirements. Identify and track vendor risks, recommend mitigation measures, and support contractual security requirements where needed. Business Continuity and BCP/DR drills (25%) Work with stakeholders to maintain and test business continuity and disaster recovery (BCP/DR) plans. Plan, coordinate, and document tabletop exercises and technical BCP/DR drills, track and follow up on corrective actions. Cyber Governance and Risk Management (10%) Maintain up‑to‑date security policies, standards, procedures, and guidelines, ensuring alignment with NIST CSF, ISO 27001, and relevant regulations. Prepare regular reports and dashboards on audit findings, risk status, BCP drill outcomes, vendor risk posture, and ISMS/NIST CSF progress for management. Maintain and update the cyber risk register, working with control owners and business stakeholders to identify, assess, and prioritize risks. Perform risk assessments (likelihood/impact), propose risk treatment options (mitigate, accept, transfer, avoid), and track treatment plans to closure. Cyber Security Awareness & Training (5%) Develop and deliver cyber security awareness sessions and targeted training for employees, including phishing awareness, secure handling of data, and role‑based security topics. Create clear, engaging communication materials (presentations, FAQs, quick guides) to improve security culture. You might be a strong candidate if you have/are Bachelor's degree in any engineering discipline. At least 3 years of experience in cyber governance, risk and compliance domain. Experience in implementing security controls and processes across business functions adhering to NIST CSF, ISO 27001 standards. Practical experience into at least 70% of the above-mentioned responsibilities. Exposure to industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR/DPDP etc.). Security certifications such as CISA, ISO 27001 Lead Implementer / Lead Auditor is preferred. AI‑governance or AI‑risk credentials such as ISO/IEC 42001 training, NIST AI RMF Architect/Lead Implementer, or recognized AI Security & Governance certifications is a strong plus. Good communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders. What Sun King offers Professional growth in a dynamic, rapidly expanding, high-social-impact industry An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet. A truly multicultural experience: You will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds. Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.