Cyber Risk Analyst

What you will be expected to do

• Plan and execute internal cyber security audits and control reviews across applications, infrastructure, and business processes.
• Document findings, assess risk and impact, and track remediation through closure with respective teams.

• Conduct security due diligence for vendors and third parties: review security questionnaires, certifications, and technical controls to ensure they meet organizational requirements.
• Identify and track vendor risks, recommend mitigation measures, and support contractual security requirements where needed.

• Work with stakeholders to maintain and test business continuity and disaster recovery (BCP/DR) plans.
• Plan, coordinate, and document tabletop exercises and technical BCP/DR drills, track and follow up on corrective actions.

• Maintain up‑to‑date security policies, standards, procedures, and guidelines, ensuring alignment with NIST CSF, ISO 27001, and relevant regulations.
• Prepare regular reports and dashboards on audit findings, risk status, BCP drill outcomes, vendor risk posture, and ISMS/NIST CSF progress for management.
• Maintain and update the cyber risk register, working with control owners and business stakeholders to identify, assess, and prioritize risks.
• Perform risk assessments (likelihood/impact), propose risk treatment options (mitigate, accept, transfer, avoid), and track treatment plans to closure.

• Develop and deliver cyber security awareness sessions and targeted training for employees, including phishing awareness, secure handling of data, and role‑based security topics.
• Create clear, engaging communication materials (presentations, FAQs, quick guides) to improve security culture.

You might be a strong candidate if you have/are

• Bachelor's degree in any engineering discipline.
• At least 3 years of experience in cyber governance, risk and compliance domain.
• Experience in implementing security controls and processes across business functions adhering to NIST CSF, ISO 27001 standards.
• Practical experience into at least 70% of the above-mentioned responsibilities.
• Exposure to industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR/DPDP etc.).
• Security certifications such as CISA, ISO 27001 Lead Implementer / Lead Auditor is preferred.
• AI‑governance or AI‑risk credentials such as ISO/IEC 42001 training, NIST AI RMF Architect/Lead Implementer, or recognized AI Security & Governance certifications is a strong plus.
• Good communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders.

What Sun King offers

• Professional growth in a dynamic, rapidly expanding, high-social-impact industry
• An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet.
• A truly multicultural experience: You will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds.
• Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.