
Job Description

We are seeking a highly analytical and detail-oriented Cybersecurity Risk & Compliance Analyst to join our security and governance team. This role will focus on conducting risk assessments, performing threat analysis, supporting penetration testing activities, and ensuring alignment with GRC (Governance, Risk, and Compliance) standards. The candidate will also be responsible for managing regulatory compliance, risk mitigation strategies, and incident handling related to policy and governance violations.

Key Responsibilities :

- Perform comprehensive cybersecurity risk assessments across systems, applications, and business processes.

- Conduct threat analysis and collaborate with penetration testing teams to identify and mitigate vulnerabilities.

- Ensure compliance with relevant regulatory frameworks (e.g., ISO 27001, NIST, GDPR, HIPAA, SOX).

- Support and manage GRC processes, including risk registers, control frameworks, policy management, and audit response.

- Collaborate with cross-functional teams to implement and monitor risk mitigation strategies.

- Track and report compliance issues and work with stakeholders to resolve policy violations or security incidents.

- Contribute to security awareness programs and training efforts.

- Participate in internal and external audits, documenting controls and evidence as required.

Required Skills & Qualifications :

- 36 years of experience in cybersecurity, GRC, or risk management roles.

- Strong knowledge of risk assessment methodologies and threat modeling techniques.

- Familiarity with penetration testing practices and coordination.

- Experience with regulatory compliance frameworks (e.g., NIST, ISO, PCI-DSS).

- Proficient in risk management tools and GRC platforms (e.g., Archer, ServiceNow GRC, or similar).

- Excellent communication and documentation skills for reports, policies, and incident summaries.

Preferred Qualifications :

- Security certifications such as CISSP, CISA, CRISC, CEH, or CISM.

- Experience working in regulated industries (e.g., finance, healthcare, or energy).

- Background in security operations or incident response is a plus.

