Specialist, Information Security at Pearson PlcWestminster

Bangalore, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

25 Jun, 26

Salary

0.0

Posted On

27 Mar, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cybersecurity Risk Management, Third-Party Risk Management, GRC, Risk Assessment, Risk Tracking, Risk Reporting, Stakeholder Engagement, ISO 27001, NIST CSF, SOC2, Analytical Skills, Risk Communication, Attention To Detail, GRC Tooling, Process Improvement, Risk Culture

Industry

education

Description

Role Title Specialist, Information Security Reports to Team Manager, Cybersecurity Location Channi/Bangalore, Hybrid Team Cybersecurity, OCTO Role Overview The Cybersecurity Governance, Risk & Compliance (GRC) function sits within the Chief Information Security Office as part of the Digital and Technology organisation, reporting to the Chief Information Officer at Pearson. We are seeking a motivated and detail‑oriented Cybersecurity Risk Analyst to support cyber risk and third‑party risk management activities within the Cyber GRC team. This role contributes to how cyber risks are identified, assessed, tracked, and reported across the organisation, working closely with Technology, Data Privacy, Procurement, and Risk Owners. The role supports informed, risk‑based decision‑making by ensuring cyber risks are clearly documented, understood, and monitored, while enabling the business to move at pace. This is an individual contributor role, focused on high‑quality risk analysis, stakeholder engagement, and consistent execution of Cyber GRC processes. Key Responsibilities Cyber Risk Management * Support the identification, assessment, and documentation of cyber risks across technology and business domains. * Maintain accurate and up‑to‑date cyber risk records, including risk statements, impact assessments, controls, and remediation plans. * Work with Designated Risk Owners to ensure risks are clearly articulated in business‑relevant terms and appropriately owned. * Track risk treatment activities, issues, and remediation progress, highlighting delays or concerns for escalation. * Contribute to cyber risk reporting and dashboards to support management and senior stakeholder visibility. * Promote a pragmatic, risk‑based approach to cybersecurity decision‑making across technology initiatives and operational activities. Third‑Party Risk Management * Support the execution of the third‑party cyber risk management (TPRM) process in line with business criticality and risk appetite. * Perform supplier cyber risk assessments and reviews, working with Procurement, Legal, and Technology stakeholders. * Track third‑party remediation actions, risk acceptances, and reassessments through to closure. * Support material supplier risk discussions by preparing risk summaries, evidence reviews, and decision documentation. * Maintain accurate third‑party risk data to support reporting, metrics, and audit or assurance activities. Stakeholder Engagement & Collaboration * Partner with Technology, Data Privacy, Procurement, and Risk Owners to gather information and support risk assessments. * Act as a point of contact for cyber risk and third‑party risk queries within defined areas of responsibility. * Escalate emerging risks, issues, or blockers to the Team Manager with clear analysis and recommended next steps. * Contribute to a positive risk culture by supporting constructive, solution‑focused conversations. GRC Process, Tooling & Continuous Improvement * Follow and consistently apply Cyber GRC frameworks, standards, and processes. * Use GRC tooling effectively to manage risk workflows, evidence, and reporting. * Identify opportunities to simplify risk documentation, improve data quality, or streamline processes. * Support audits, assessments, and regulatory or assurance activities by providing accurate risk evidence and analysis. Key Skills & Experience * Experience in cybersecurity risk management, third‑party risk, IT risk, or GRC within a complex organisation. * Working knowledge of cyber risk frameworks such as ISO 27001, NIST CSF, or SOC2. * Strong analytical skills, with the ability to assess risk scenarios and control effectiveness. * Ability to communicate risk clearly and concisely in written and verbal form. * Strong attention to detail and ability to manage multiple tasks and priorities. * Comfortable working with stakeholders across technical and non‑technical teams. * Professional certifications or progress toward certifications desirable (e.g. CRISC, CISM, CISSP, CISA). What Success Looks Like * Cyber risks are accurately identified, documented, and tracked through to resolution or acceptance. * Risk data is complete, consistent, and reliable, supporting meaningful reporting and decision‑making. * Third‑party cyber risks are assessed proportionately and managed without creating unexpected exposure. * Stakeholders experience Cyber GRC as a helpful, pragmatic partner rather than a compliance hurdle. * The Cyber GRC team operates efficiently with clear visibility of risk posture and priorities. Why Join Us * Opportunity to develop deep expertise in cyber risk and third‑party risk management. * Exposure to a wide range of technology, suppliers, and business stakeholders. * Clear development pathway within a maturing Cyber GRC capability. * Supportive environment with strong focus on learning, growth, and professional development.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

This role supports cyber risk and third-party risk management activities by identifying, assessing, tracking, and reporting cyber risks across the organization in collaboration with Technology, Data Privacy, and Procurement teams. Key duties involve maintaining accurate risk records, tracking remediation efforts, and supporting supplier cyber risk assessments.