Senior IT Risk Specialist

 Posted 8 hours ago
  
 India
  
10+ years experience

AI Summary

Lead enterprise-wide IT risk assessments and maintain the risk management framework to align with security and regulatory requirements. Evaluate IT general controls and support internal and external audits through evidence preparation and remediation monitoring.
SENIOR IT RISK SPECIALIST

Job Code: SEN-IN-0286

City: Remote Anywhere in India

Experience: 7+

Skills: 7–12 years of experience in IT Risk Management, IT Audit, Cybersecurity, Hands-on experience with governance and risk frameworks, proven experience supporting audits, risk assessments, compliance initiatives

Posted On: 23-06-2026

Location: India (Remote)

Engagement Type: Freelance / Contract

Work Schedule: Fully Remote | Minimum 25 Hours per Week

Role Overview

We are seeking an experienced Senior IT Risk Specialist to support the identification, assessment, and mitigation of technology-related risks across the organization. This role will ensure that IT systems, processes, and controls align with security, regulatory, and operational requirements.

The successful candidate will collaborate closely with Cybersecurity, Infrastructure, Compliance, and Business stakeholders to strengthen the organization's risk posture, improve governance practices, and support audit readiness.


Key Responsibilities

IT Risk Assessment & Governance

  1. Lead enterprise-wide IT risk assessments, including annual, quarterly, and project-based reviews.

  2. Maintain and enhance the IT Risk Management Framework aligned with ISO 27001, NIST, COBIT, and applicable regulatory requirements.

  3. Identify emerging technology risks and develop practical mitigation strategies.

  4. Maintain risk registers and ensure accurate tracking of risk treatment activities.

Control Design & Assurance

  1. Evaluate the design and effectiveness of IT General Controls (ITGCs), application controls, and security controls.

  2. Conduct periodic control testing and identify control gaps, weaknesses, and remediation opportunities.

  3. Support internal and external audits by preparing evidence, documentation, and remediation plans.

  4. Monitor remediation activities to ensure timely closure of identified findings.

Policy, Compliance & Regulatory Alignment

  1. Ensure compliance with relevant standards and regulations, including GDPR, PCI-DSS, SOX (where applicable), and other industry requirements.

  2. Review, develop, and update IT policies, procedures, standards, and governance documentation.

  3. Assess third-party and vendor risks and ensure adherence to security and contractual obligations.

Incident & Vulnerability Risk Management

  1. Partner with Cybersecurity teams to analyze incidents, vulnerabilities, and threat intelligence from a risk perspective.

  2. Track remediation of critical and high-risk vulnerabilities.

  3. Provide risk guidance during incident response activities and post-incident reviews.

Stakeholder Engagement & Reporting

  1. Prepare and present risk dashboards, KRIs, risk reports, and executive summaries to leadership and governance committees.

  2. Advise project teams on risk implications associated with cloud adoption, digital transformation initiatives, and system changes.

  3. Act as a trusted subject matter expert on IT risk management and governance practices.


Required Skills & Experience

  1. 7–12 years of experience in IT Risk Management, IT Audit, Cybersecurity, Information Security, or Technology Governance.

  2. Strong understanding of: IT General Controls (ITGCs), Cloud Security (AWS, Azure, and/or GCP), Network Security, Identity & Access Management (IAM), Application Security.

  3. Hands-on experience with governance and risk frameworks such as ISO 27001, NIST CSF, COBIT, and ITIL.

  4. Proven experience supporting audits, risk assessments, compliance initiatives, and control assurance programs.

  5. Ability to translate complex technical risks into business-friendly recommendations.

  6. Excellent documentation, reporting, presentation, and stakeholder management skills.


Preferred Certifications

  1. CRISC – Certified in Risk and Information Systems Control

  2. CISA – Certified Information Systems Auditor

  3. CISM – Certified Information Security Manager

  4. ISO 27001 Lead Auditor or Lead Implementer

  5. CISSP (Highly Desirable)


Key Competencies

  1. Strong analytical and critical-thinking skills

  2. Structured problem-solving approach

  3. Excellent communication and executive reporting abilities

  4. Risk-based decision-making mindset

  5. Ability to influence and collaborate across cross-functional teams

  6. High attention to detail with a strong governance focus


Success Indicators

  1. Reduction in high-risk findings and improvement in control maturity levels

  2. Timely completion of risk assessments, audits, and remediation activities

  3. Strong audit outcomes with minimal repeat findings

  4. Increased risk awareness across IT and business functions

  5. Effective reporting and engagement with leadership and governance committees

