Natobotics - Lead Support Analyst - Cyber Risk Management (6-8 yrs)

Lead Support Analyst - Third Party Cyber Risk

Location : Mumbai Locals Only

Experience : 6-8 Years

Work Type : 5 days office mandated (On-site)

Job Type : Full-time

Job Overview :

We are seeking a highly skilled and experienced Lead Support Analyst - Third Party Cyber Risk with 6-8 years of experience to join our team in Mumbai. This is a mandatory 5-day in-office role. The ideal candidate will play a critical role in supporting and enhancing our Third-Party Cyber Risk Management program. You will be responsible for providing expert-level technical support, managing risk assessment tools, analyzing security posture of third-party vendors, and leading initiatives to ensure our extended enterprise ecosystem remains secure and compliant with cybersecurity frameworks.

Responsibilities :

- Provide Level 2/3 technical and operational support for Third Party Cyber Risk Management platforms and tools.

- Lead the configuration, maintenance, and optimization of third-party risk assessment platforms, vendor security questionnaires, and associated data feeds.

- Analyze complex technical security findings from vendor assessments, security reports, and audits to identify potential cyber risks.

- Collaborate closely with internal stakeholders, including IT, procurement, legal, and business units, to understand their third-party risk requirements and provide technical guidance.

- Develop and maintain documentation for third-party cyber risk processes, tool configurations, and standard operating procedures.

- Troubleshoot and resolve technical issues related to third-party risk platforms, data integration, and reporting.

- Support the automation of third-party risk assessment workflows and data collection processes using scripting or platform functionalities.

- Assist in the definition and implementation of security controls and mitigation strategies for identified third-party risks.

- Generate and analyze reports on third-party security posture, risk trends, and compliance status for management reporting.

- Act as a subject matter expert on technical aspects of third-party cyber risk, advising on best practices and emerging threats.

- Participate in or lead technical discussions with third-party vendors regarding their security controls and remediation efforts.

- Ensure all activities comply with internal policies, industry regulations, and cybersecurity frameworks.

- Mentor junior analysts and contribute to the continuous improvement of the Third Party Cyber Risk program.

Required Skills & Qualifications :

- 6-8 years of experience in cybersecurity, with a significant focus on Third-Party Cyber Risk, Vendor Risk Management, or GRC (Governance, Risk, and Compliance) support.

- Strong technical understanding of cybersecurity principles, frameworks (for example, NIST, ISO 27001), and common security controls.

- Experience with third-party risk management platforms or GRC tools for vendor assessments.

- Ability to analyze technical security reports, penetration test results, and vulnerability scan reports.

- Familiarity with various security domains such as network security, application security, data security, and cloud security.

- Proficiency in creating and understanding technical documentation related to security and risk.

- Strong problem-solving and analytical skills, with a detail-oriented approach.

- Excellent communication skills, both written and verbal, with the ability to articulate technical risk clearly to diverse audiences.

- Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related fieldor equivalent practical experience.

Preferred Skills :

- Relevant certifications such as CTPRP, CISM, CISSP, CRISC, or similar.

- Experience with scripting languages for automation, such as Python or PowerShell.

- Knowledge of cloud security concepts, particularly in AWS or Azure.

- Exposure to contractual security clauses and legal aspects of vendor agreements.

- Experience in a large enterprise environment, ideally in a regulated industry.