Senior Cybersecurity GRC Analyst 7+

NovBliss seeks a highly skilled Senior Cybersecurity GRC Analyst to join our dynamic team in Hyderabad, Telangana, India. In this role, you will be instrumental in defining requirements for business continuity, operations security, cryptography, forensics, regulatory compliance, and insider threat mitigation. You will assess and mitigate system security threats and risks throughout the program life cycle, validate system security requirements definition and analysis, and implement and validate security designs in hardware, software, data, and procedures. Your responsibilities will include system certification and accreditation planning, testing, and liaison activities, alongside a deep understanding of Identity, Lifecycle, and Governance capabilities and their intersection with other cybersecurity domains.

You will identify and assess cybersecurity risks through business analysis, proposing solutions to mitigate them and contributing to overall business continuity and security resilience. Demonstrated expertise in GRC frameworks and processes, including system selection, administration, and supporting core GRC functions, is essential. You will lead the design and implementation of process flows aligned with business objectives, collaborating with IT, legal, compliance, and product security teams to mitigate risks across products and services. Maintaining up-to-date knowledge of cybersecurity regulations and standards specific to the medical device industry (FDA, HIPAA, IEC 62443, NIST, NIS 2) is crucial. You will drive improvements in the GRC platform through workflow automation, tool integration, and risk management process optimization.

Minimum Qualifications: High school diploma (or equivalent) and 12+ years of experience; OR Bachelor’s degree and 7+ years of experience; OR advanced degree and 5+ years of experience.

Preferred Qualifications:

• 7+ years of experience in cybersecurity GRC, external/internal audit, preferably within the medical device or healthcare industry.
• Strong understanding of cybersecurity frameworks, regulatory requirements, risk management, and industry best practices (e.g., HIPAA, NIST, ISO 27001, GDPR).
• Minimum 5 years of experience executing key risk management activities, including risk assessments using quantitative and qualitative methodologies like FAIR.
• At least 3 years of active participation in designing and implementing comprehensive risk management programs within a large organization.
• Proven expertise in process design and improvement related to risk management frameworks.
• Experience conducting NIST risk assessments (e.g., NIST CSF, NIST 800-53).
• Strong knowledge of regulatory changes impacting IT risk assessments (GDPR, HIPAA).
• Knowledge of Operational Technology (OT) risk management is a plus.
• Minimum 3 years of experience evaluating technical design documents for systems to assess associated risks.

Preferred Skills & Competencies: Excellent communication and interpersonal skills, critical and strategic thinking, and excellent presentation skills with the ability to communicate complex risk management concepts to executive audiences. Familiarity with GRC tools (ServiceNow, LogicGate, OneTrust) and a strong understanding of technical infrastructure (networks, cloud, endpoints, medical device systems) are highly valued. Experience with system integration and data flow analysis within GRC tools, leveraging APIs and automation, is beneficial.

Certifications: CISSP, CRISC, CISA are preferred.