
Information Security Analyst
Qualifications & Requirements
Experience Level: Mid Level
Full Job Description
Burns and McDonnell Engineering India is seeking a skilled Information Security Analyst specializing in Governance, Risk & Compliance (GRC). This role is integral to safeguarding our organization's digital assets and ensuring adherence to stringent security standards. The analyst will be responsible for conducting comprehensive cybersecurity risk assessments, meticulously documenting findings, assigning risk ratings, and formulating actionable recommendations. A key responsibility involves leading third-party risk assessments for our diverse network of vendors, suppliers, and technology partners. The position requires the ability to interpret and apply complex regulatory, contractual, and framework requirements to real-world business scenarios. Support for external audits, certifications, and client-facing security assessments will also be a core duty. The ideal candidate will provide expert advice to stakeholders on effective mitigation strategies and diligently track the progress of remediation efforts. Responsibilities extend to analyzing the security risks associated with both new and existing computer applications, software, and services. Additionally, the analyst will contribute to cybersecurity awareness initiatives by delivering training sessions and executing simulated phishing campaigns. This role involves leading CAS Objectives and Key Results (OKRs), initiatives, and projects that have low to moderate operational impact on the business. Participation in the CAS Weekly Champion rotation and enhancement of defined Champion duties is also expected. All other assigned duties will be undertaken as required.
Qualifications:
- A Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or a closely related field (or equivalent practical experience).
- Demonstrated experience independently performing cybersecurity risk, compliance, or assurance activities.
- Proven experience engaging directly with business stakeholders or third parties on critical cybersecurity matters.
- A strong ability to translate complex security and compliance requirements into clear, business-relevant guidance.
- Excellent written and verbal communication skills.
- Applied experience with industry-standard frameworks such as NIST, ISO 27001, SOC 2, or similar.
- Preferred: A professional cybersecurity certification (e.g., Security+, CISA, CRISC, CISSP).
Company
Burns and McDonnell Engineering India
Burns and McDonnell is a leading engineering, architecture, construction, and consulting firm. The company is recognized globally for its innovative solutions...