Security Governance Analyst

Wildnet Technologies is seeking a dedicated Security Governance Analyst to join our team in Noida. This pivotal role supports our Chief Information Security Officer (CISO) by managing outsourced security programs and assessments. You will be instrumental in identifying potential threats, evaluating existing controls, and developing proactive strategies to prevent or mitigate cybersecurity risks.

This position requires a strong understanding of various industry standards and frameworks, including NIST CSF, ISO 27001, HITRUST, and CIS Controls, to enhance our clients' security posture. You will also provide crucial governance support to our virtual CISO (vCISO) team, delivering essential updates to risk registers, conducting control gap analyses, benchmarking policies, and contributing to maturity scoring.

Your work will ensure that vCISOs have accurate, organized, and up-to-date information, enabling them to make informed strategic recommendations, develop robust security roadmaps, and deliver impactful executive-level presentations.

Key Responsibilities:

• Analyze SOC reports, vulnerability assessments, policy gaps, and third-party risk data to identify key security insights.
• Maintain and update the Risk Register according to established Service Level Agreements (SLAs).
• Document risk likelihood, impact, remediation recommendations, and supporting evidence.
• Review and benchmark client policies against established CyberSecOp templates and industry standards.
• Map client environments to relevant security frameworks such as NIST CSF, CIS Controls, ISO 27001, and HITRUST.
• Support maturity scoring initiatives and document areas for improvement.
• Coordinate governance tasks with Program Managers to ensure alignment with client schedules.
• Collaborate with the Vulnerability Management team to interpret scan findings and prioritize remediation efforts.
• Partner with SOC analysts to understand recurring threats and identify systemic risks.
• Maintain accurate and current client asset inventories.
• Prepare comprehensive governance, risk, and compliance reports for CISO and vCISO review.
• Draft content for Quarterly Business Reviews and year-end presentations.
• Analyze phishing campaign data to identify user behavior trends and inform training strategies.
• Assist in evaluating cyber insurance readiness and identifying required controls.
• Support evidence collection for assessments and audits.
• Assist in corrective action planning and document the progress of remediation efforts.
• Maintain accurate and organized governance documentation.
• Undertake additional responsibilities as assigned.

Risk Register SLAs:

• Enter newly identified risks within 5 business days.
• Update open risks monthly or per the defined reporting cadence.
• Archive closed risks within 5 business days.

Qualifications:

• Demonstrated experience in cybersecurity governance, GRC, compliance, or risk analysis.
• Proficiency with cybersecurity frameworks including NIST CSF, ISO 27001, CIS Controls, and HITRUST.
• Ability to interpret vulnerability and SOC reports effectively.
• Excellent technical writing and documentation skills.
• Experience utilizing GRC platforms such as Apptega, RiskOptics, A-Scend, or Risk Cognizance.
• Strong organizational and analytical skills.

Preferred Certifications:

• CRISC, CISM, CISA, CISSP, ISO 27001 Implementer or Auditor.