Risk Analyst (Security Governance)

Key Responsibilities:

• Risk Identification & Assessment
• Conduct risk assessments for systems, applications, projects, and business processes.
• Identify and evaluate information security risks, threats, and vulnerabilities.
• Maintain an up-to-date risk register with clear risk categorisation, ownership, and mitigation strategies.
• Support security control design and risk treatment plans.
• Policy & Framework Compliance
• Monitor adherence to internal security policies, standards, and procedures.
• Support implementation and enforcement of security governance frameworks (e.g., NIST, ISO 27001, SOC 2).
• Assist in gap analysis and remediation planning for audits, assessments, and compliance reviews.
• Third-Party Risk Management
• Assess risks associated with vendors, partners, and third-party service providers.
• Participate in vendor risk assessments, questionnaires, and ongoing monitoring.
• Track remediation of identified third-party risks and ensure alignment with contractual requirements.
• Risk Reporting & Metrics
• Produce regular risk reports for Information Security leadership and key stakeholders.
• Define, collect, and report on key risk metrics and indicators.
• Support management in understanding residual risk, trends, and emerging threats.
• Audit & Assurance Support
• Assist in internal and external audits related to information security risk management.
• Prepare documentation, evidence, and responses for audit inquiries.
• Ensure risk mitigation and control implementation progress is tracked and reported.
• Security Awareness & Stakeholder Engagement
• Work with business and IT teams to raise awareness of security risks and best practices.
• Provide guidance and support to risk owners in managing and mitigating identified risks.
• Build effective relationships with stakeholders to embed a risk-aware culture.
• Continuous Improvement
• Keep abreast of emerging threats, vulnerabilities, and regulatory changes affecting risk posture.
• Recommend improvements to risk assessment methodologies, governance processes, and reporting tools.
• Contribute to the maturity of Keyloop’s Security Governance and Risk Management capability.

Required Experience & skillsets

• 3–5 years of experience in information security risk management, security governance, or related roles.
• Practical experience conducting risk assessments, maintaining risk registers, and supporting remediation efforts.
• Familiarity with security frameworks such as NIST CSF, ISO 27001, SOC 2, or similar.
• Experience with third-party risk management processes and vendor assessments.
• Exposure to IT, cloud, and business process risk identification.


• Skills & Competencies
• Technical Skills
• Information security risk assessment and management
• Security governance frameworks and compliance standards
• Risk reporting and metric definition
• Audit support and evidence collection
• Soft Skills
• Strong analytical and problem-solving abilities
• Effective written and verbal communication
• Ability to influence stakeholders and collaborate across teams
• Detail-oriented with strong organizational and documentation skills
• Proactive and adaptable mindset