hirist

Senior IT Risk Analyst - IAM

Digihelic Solutions Private Limited
Pune
10 - 12 Years
4.6 | 20+ Reviews

Posted on: 28/11/2025

Job Description

Role Summary :

We are seeking an experienced Senior Tech Risk Analyst to join our team in Pune. This critical role requires a seasoned professional with a minimum of 10 years of experience in the technology risk domain, with a strong focus on IT Compliance, Governance, and Identity & Access Management (IAM). The successful candidate will be pivotal in managing our risk posture, ensuring regulatory compliance, and securing digital assets through effective credential and access lifecycle management.


Key Responsibilities :


IT Risk & Compliance Management :


- Lead and manage the execution of IT control assessments, ensuring adherence to internal policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, SOC 2).


Manage Audit and Control Requirements :


- Act as the primary technical point of contact for internal and external audits, coordinating data collection, evidence provision, and control explanations.

- Respond promptly to compliance alerts, investigate potential risks, and oversee the remediation efforts for identified control gaps.

- Maintain and enhance the compliance tooling and dashboards, ensuring accurate reporting of risk metrics, control inventories, and compliance status across the technology landscape.


Identity & Access Management (IAM) Specialization :


- Demonstrate 5+ years of strong, hands-on experience specifically within the IT Compliance and IAM domains.

- Design, implement, and govern robust processes for credential lifecycle management, including the provisioning, maintenance, rotation, and revocation of :

  - Certificates (PKI).

  - Secrets (Application/Service credentials).

  - Cryptographic Keys.

  - Privileged Accounts and Access (Privileged Access Management - PAM).


- Ensure that all access control mechanisms align with the principle of least privilege and strict segregation of duties.


Technical Operations & Reporting :


- Utilize data analytics and monitoring tools (e.g., Splunk, SIEM platforms, specialized GRC tools) to gather, analyze, and interpret large volumes of access and control data.

- Develop key risk indicators (KRIs) and key performance indicators (KPIs) and report findings to senior management using clear, concise metrics and visual dashboards.

- Leverage version control and workflow tools, primarily GitLab, to manage compliance-as-code initiatives, document technical risk findings, and track the progress of remediation plans.

- Ensure all control documentation and technical standards are accurately maintained within established repositories.


Qualifications and Skills :


Experience :


- A minimum of 10 years of progressive experience in Information Technology, with a significant concentration in Tech Risk, IT Security, and/or Compliance.


Domain Expertise :


- Minimum 5+ years of direct, specialized experience in IT Compliance and IAM principles and technologies.


Technical Proficiency :


- Hands-on knowledge of credential management systems, certificate management, and access governance tools.


Tooling :


- Working proficiency with:

  - Compliance tooling & risk dashboards for reporting and inventory management.

  - Data analytics and monitoring tools (e.g., for log analysis and metrics generation).

  - Version control/Workflow tools (specifically GitLab).


Mindset :


- Exceptional analytical and problem-solving skills with an extremely high attention to detail, which is crucial for compliance-driven work and accurate risk assessment.


Soft Skills :


- Excellent written and verbal communication skills, with the ability to articulate complex technical risks to non-technical stakeholders and senior leadership.

