Job Description

Role Title

Specialist, Information Security

Reports to

Team Manager, Cybersecurity

Location

Channi/Bangalore, Hybrid

Team

Cybersecurity, OCTO

The Cybersecurity Governance, Risk & Compliance (GRC) function sits within the Chief Information Security Office as part of the Digital and Technology organisation, reporting to the Chief Information Officer at Pearson.

We are seeking a motivated and detail‑oriented Cybersecurity Risk Analyst to support cyber risk and third‑party risk management activities within the Cyber GRC team. This role contributes to how cyber risks are identified, assessed, tracked, and reported across the organisation, working closely with Technology, Data Privacy, Procurement, and Risk Owners.

The role supports informed, risk‑based decision‑making by ensuring cyber risks are clearly documented, understood, and monitored, while enabling the business to move at pace. This is an individual contributor role, focused on high‑quality risk analysis, stakeholder engagement, and consistent execution of Cyber GRC processes.

Key Responsibilities

Cyber Risk Management

• Support the identification, assessment, and documentation of cyber risks across technology and business domains.

• Maintain accurate and up‑to‑date cyber risk records, including risk statements, impact assessments, controls, and remediation plans.

• Work with Designated Risk Owners to ensure risks are clearly articulated in business‑relevant terms and appropriately owned.

• Track risk treatment activities, issues, and remediation progress, highlighting delays or concerns for escalation.

• Contribute to cyber risk reporting and dashboards to support management and senior stakeholder visibility.

• Promote a pragmatic, risk‑based approach to cybersecurity decision‑making across technology initiatives and operational activities.

Third‑Party Risk Management

• Support the execution of the third‑party cyber risk management (TPRM) process in line with business criticality and risk appetite.

• Perform supplier cyber risk assessments and reviews, working with Procurement, Legal, and Technology stakeholders.

• Track third‑party remediation actions, risk acceptances, and reassessments through to closure.

• Support material supplier risk discussions by preparing risk summaries, evidence reviews, and decision documentation.

• Maintain accurate third‑party risk data to support reporting, metrics, and audit or assurance activities.

Stakeholder Engagement & Collaboration

• Partner with Technology, Data Privacy, Procurement, and Risk Owners to gather information and support risk assessments.

• Act as a point of contact for cyber risk and third‑party risk queries within defined areas of responsibility.

• Escalate emerging risks, issues, or blockers to the Team Manager with clear analysis and recommended next steps.

• Contribute to a positive risk culture by supporting constructive, solution‑focused conversations.

GRC Process, Tooling & Continuous Improvement

• Follow and consistently apply Cyber GRC frameworks, standards, and processes.

• Use GRC tooling effectively to manage risk workflows, evidence, and reporting.

• Identify opportunities to simplify risk documentation, improve data quality, or streamline processes.

• Support audits, assessments, and regulatory or assurance activities by providing accurate risk evidence and analysis.

Key Skills & Experience

• Experience in cybersecurity risk management, third‑party risk, IT risk, or GRC within a complex organisation.

• Working knowledge of cyber risk frameworks such as ISO 27001, NIST CSF, or SOC2.

• Strong analytical skills, with the ability to assess risk scenarios and control effectiveness.

• Ability to communicate risk clearly and concisely in written and verbal form.

• Strong attention to detail and ability to manage multiple tasks and priorities.

• Comfortable working with stakeholders across technical and non‑technical teams.

• Professional certifications or progress toward certifications desirable (e.g. CRISC, CISM, CISSP, CISA).

What Success Looks Like

• Cyber risks are accurately identified, documented, and tracked through to resolution or acceptance.

• Risk data is complete, consistent, and reliable, supporting meaningful reporting and decision‑making.

• Third‑party cyber risks are assessed proportionately and managed without creating unexpected exposure.

• Stakeholders experience Cyber GRC as a helpful, pragmatic partner rather than a compliance hurdle.

• The Cyber GRC team operates efficiently with clear visibility of risk posture and priorities.

Why Join Us

• Opportunity to develop deep expertise in cyber risk and third‑party risk management.

• Exposure to a wide range of technology, suppliers, and business stakeholders.

• Clear development pathway within a maturing Cyber GRC capability.

• Supportive environment with strong focus on learning, growth, and professional development.