Risk Assessment and Management Senior Analyst

Location: Bengaluru

At Zimmer Biomet, we believe in pushing the boundaries of innovation and driving our mission forward. As a global medical technology leader for nearly 100 years, a patient's mobility is enhanced by a Zimmer Biomet product or technology every 8 seconds. As a Zimmer Biomet team member, you will share in our commitment to providing mobility and renewed life to people around the world.

To support our talent team, we focus on development opportunities, robust employee resource groups (ERGs), a flexible working environment, location specific competitive total rewards, wellness incentives and a culture of recognition and performance awards. We are committed to creating an environment where every team member feels included, respected, empowered and recognised.

What You Can Expect

The Senior Risk Assessment & Management Analyst supports global enterprise cyber and technology risk programs by independently executing complex risk assessments, maintaining risk data quality, and providing actionable risk insights to global stakeholders. This role operates with limited supervision and serves as a subject matter expert for risk methodology and assessment execution within the Bangalore GCC.

Work Location:

Bangalore

Work Mode:
Hybrid (3 Days in office)

How You'll Create Impact

Lead execution of enterprise cyber and technology risk assessments aligned to NIST CSF, ISO 27001, and internal risk frameworks.
Perform inherent and residual risk analysis, control effectiveness assessments, and risk scoring.
Maintain and update the enterprise risk register, ensuring accuracy, consistency, and timely remediation tracking.
Conduct third-party, cloud, and application risk assessments in coordination with global security teams.
Support business impact analyses (BIA) and risk scenario modeling.
Prepare executive-ready risk reports, dashboards, and summaries for global leadership.
Partner with Internal Audit and Compliance on control testing, evidence collection, and remediation validation.
Identify risk trends and emerging threats and escalate insights to management.
Mentor Risk Analysts and support onboarding and knowledge transfer within the GCC.

What Makes You Stand Out

Technical Skills

Experience:

5+ years in GRC/Risk Management
Core

Competency:

Strong experience in end-to-end Vendor/Third-Party Risk Assessment (TPRM).
Tools:
Proficiency in configuring/operating workflows in any GRC platform (Service Now is preferred/ Archer/ One Trust).
Frameworks:

Experience with ISO 27001 (critical as org is migrating) and NIST Cybersecurity Framework (CSF).
Technical/Audit:
Ability to interpret SOC 1/SOC 2 reports and identify control gaps; experience supporting SOX/HIPAA audits.
Reporting:
High proficiency in Excel for reporting and analytics.

Soft Skills

Ability to translate complex technical risks into business language for stakeholders.
Strong Communication skills

Your Background

Educational Qualification & Experience

Bachelor's degree in Information Security, Risk Management, IT, or related field.
5+ years of experience in cybersecurity risk, IT risk, or GRC.
Demonstrated experience supporting global enterprise risk programs.
Strong analytical, documentation, and stakeholder communication skills.
Ability to work independently and manage multiple concurrent assessments.

Technologies & Tools

GRC Platforms:
Service Now GRC, Archer, One Trust
Risk Frameworks: NIST CSF, ISO 27001, COBIT
Third-Party Risk:
Security Scorecard, Bit Sight, One Trust TPRM
Cloud Risk & Posture: AWS Security Hub, Azure Security Center
Reporting & Analytics:
Power BI, Tableau, Excel
Collaboration & Workflow:
Jira, Confluence, MS Teams

Preferred Certifications

CRISC, CISM, ISO 27001 Lead Implementer or Lead Auditor, CISSP (or in progress)

EOE/M/F/Vet/Disability