Lead Risk Analyst, Cyber Security

Ecospace Campus 3A, 4th Floor, Outer Ring Road, Bellandur, Bengaluru- 560103, India

Carrier

Carrier is the global leader in sustainable healthy buildings, HVAC, commercial and transport refrigeration solutions. Learn more about Carrier Corporation.

Country:

India

Location:

Ecospace Campus 3A, 4th Floor, Outer Ring Road, Bellandur, Bengaluru- 560103

Position Title: Lead Risk Analyst – Cyber Security

Location: Bangalore/Hyderabad

About the Role: To lead the identification, assessment, management, and governance of IT risks across Carrier’s enterprise environment. This role is critical to ensuring the resilience of IT services and the integrity of Carrier's information assets by embedding a robust IT risk management framework aligned with global standards and Carrier's strategic goals. The IT Risk Lead acts as the strategic owner of risk governance while working closely with IT Risk Analysts, who are responsible for the day-to-day execution and operationalization of controls, assessments, and reporting.

Key Responsibilities:

1. IT Risk Governance & Framework Management

  • Design, implement, and maintain the IT Risk Management Framework aligned with the Carrier-based Digital Risk Framework, which is derived from NIST CSF and ISO 27001.
  • Define IT risk taxonomy, thresholds, and escalation protocols for consistent enterprise-wide adoption.
  • Serve as the primary liaison for IT risk matters across Carrier's global business units, infrastructure, and application teams.
  • Serve as the primary record creator for risks in the ServiceNow GRC application.
  • Serve as a key contributor to the design and implementation of the Risk 2.0 framework in SNOW, which covers Risk issues and exception handling.

2. Risk Identification, Assessment & Prioritization

  • Conduct and oversee IT risk assessments (inherent and residual) across critical applications, infrastructure, and projects.
  • Guide IT Risk Analysts in executing risk analysis, evidence collection, and scoring processes.
  • Facilitate scenario-based and targeted risk assessments for high-impact areas including cloud migrations, system upgrades, and M&A.
  • Maintain and update risk registers, scoring models, and risk heatmaps using GRC tools (ServiceNow IRM).

3. Control Management & Monitoring

  • Define and implement key risk indicators (KRIs) and key control indicators (KCIs) for ongoing risk monitoring.
  • Supervise IT Risk Analysts in evaluating control effectiveness and documenting evidence.
  • Develop action plans for control deficiencies, monitor remediation, and report control maturity metrics.

4. Exception & Deviation Handling

  • Lead the end-to-end management of risk exceptions, waivers, and deviations from IT policy.
  • Oversee the workflows managed by analysts and ensure that exceptions are reviewed and approved in a timely manner by appropriate stakeholders.
  • Automate exception workflows and integrate them with CMDB and audit logs for traceability.

5. Stakeholder Engagement & Risk Reporting

  • Prepare and present monthly/quarterly risk dashboards to senior leadership, Risk Council, and DCC.
  • Conduct regular stakeholder sessions to capture risk concerns, share insights, and promote risk ownership.
  • Provide risk insights to inform IT strategic decisions, budget allocations, and project prioritization.

6. Awareness, Training & Culture Building

  • Develop and deliver IT risk training modules to application owners, support teams, and project managers.
  • Promote a risk-aware culture through playbooks, campaigns, and collaborative learning sessions.
  • Partner with HR and L&D to integrate IT risk content into employee training journeys.
  • Mentor and coach IT Risk Analysts to build operational maturity and grow internal expertise.

Qualifications:

  • Bachelor's degree in Computer Science or a related field.
  • Minimum 8-10 years of experience in IT risk management, audit, or cyber governance.
  • Strong knowledge of risk frameworks (NIST, ISO 27001, COBIT), internal controls, and security policies.
  • Hands-on experience with GRC platforms such as ServiceNow IRM, RSA Archer.

Certifications (Preferred):

  • CRISC, CISA, CISSP, or ISO 27001 Lead Implementer.

Key Attributes:

  • Strategic thinking with tactical execution.
  • Strong interpersonal, influencing, and negotiation skills.
  • Analytical mindset with the ability to simplify complex risk narratives for business audiences.
  • Proven ability to lead cross-functional teams and manage multi-country risk engagements.

Benefits:

  • We are committed to offering competitive benefits programs for all of our employees, and enhancing our programs when necessary.

  • Have peace of mind and body with our health insurance.

  • Make yourself a priority with flexible schedules and leave policy.

  • Drive forward your career through professional development opportunities.

  • Achieve your personal goals with our Employee Assistance Programme.

Our commitment to you:

Our greatest assets are the expertise, creativity and passion of our employees. We strive to provide a great place to work that attracts, develops and retains the best talent, promotes employee engagement, fosters teamwork and ultimately drives innovation for the benefit of our customers. We strive to create an environment where you feel that you belong, with diversity and inclusion as the engine to growth and innovation. We develop and deploy best-in-class programs and practices, providing enriching career opportunities, listening to employee feedback and always challenging ourselves to do better. This is The Carrier Way.

Join us and make a difference.

Carrier is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.

Tags: CISA CISSP Cloud COBIT Computer Science CRISC Governance ISO 27001 Monitoring NIST Privacy Risk analysis Risk assessment Risk management RMF RSA

Perks/benefits: Career development Flex hours Health care Insurance

Region: Asia/Pacific
Country: India
