Security Risk Analyst
UltraViolet Cyber
India, Telangana, Hyderabad
Full-Time
On-site
Posted 3 weeks ago
Apply by April 27, 2026
Job Description
Role Summary
We are looking for a Security Risk Analyst with 2 years of experience to help identify, assess, and manage information security risks across our organization.
In this role, he/she will work closely with IT, security, and business teams to evaluate threats, review controls, and support risk‑based decision‑making that keeps our systems, data, and customers safe.
Key Responsibilities
Conduct security risk assessments on applications, infrastructure, vendors, and business processes.
Identify threats, vulnerabilities, and control gaps, and document associated risks and impacts.
Contribute to risk registers, ensuring risks are clearly described, rated, and tracked.
Review and evaluate the effectiveness of existing security controls and recommend improvements.
Support compliance efforts with relevant standards/regulations (e.g., ISO 27001, NIST, SOC 2, PCI-DSS, GDPR, etc. as applicable).
Support the development, review, and maintenance of security policies, standards, and procedures.
Document risk assessment results, remediation plans, and status updates in a structured, clear way.
Maintain up-to-date security and risk documentation (e.g., risk registers, asset inventories, vendor assessments).
Prepare reports, dashboards, and presentations summarising security risks and remediation status.
Communicate risk findings and recommendations in business-friendly language.
Work with business owners to define risk treatment plans and timelines.
Required Qualifications & Experience
Bachelor’s degree in Information Security, Computer Science, IT, Risk Management, or a related field (or equivalent practical experience).
2 years of experience in information security, IT risk management, vendor management, or cyber security roles.
Strong understanding of the OWASP Top 10.
Awareness of ISO 27001 controls and the NIST Cybersecurity Framework.
Experience performing risk assessments, security reviews, or internal/external audits.
Familiarity with risk management concepts (likelihood/impact, inherent vs. residual risk, risk appetite).
Soft Skills
Ability to analyse technical information, identify risks, and propose practical mitigation.
Clear written and verbal communication with both technical and non‑technical stakeholders.
Comfortable working with cross‑functional teams (IT, Security, Legal, Compliance, Business).
Able to manage multiple tasks, assessments, and deadlines simultaneously.
Proactive mindset: able to suggest realistic, risk-based solutions rather than just identifying issues.
Preferred Qualifications
CEH, CompTIA Security+, ECSA, or EC-Council cyber security certification.
ISO 27001 Internal Auditor
Experience with:
GRC or risk management tools (e.g., Archer, ServiceNow GRC, OneTrust, etc.)
Cloud environments (AWS, Azure, GCP) and their security concepts.
Working in regulated or high‑compliance environments (e.g., finance, healthcare, SaaS).
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.