Specialist, Information Security

**Role Title** Specialist, Information Security **Reports to** Team Manager, Cybersecurity **Location** Channi/Bangalore, Hybrid **Team** Cybersecurity, OCTO **Role Overview** The Cybersecurity Governance, Risk & Compliance (GRC) function sits within the Chief Information Security Office as part of the Digital and Technology organisation, reporting to the Chief Information Officer at Pearson. We are seeking a motivated and detail‑oriented **Cybersecurity Risk Analyst** to support cyber risk and third‑party risk management activities within the Cyber GRC team. This role contributes to how cyber risks are identified, assessed, tracked, and reported across the organisation, working closely with Technology, Data Privacy, Procurement, and Risk Owners. The role supports informed, risk‑based decision‑making by ensuring cyber risks are clearly documented, understood, and monitored, while enabling the business to move at pace. This is an individual contributor role, focused on high‑quality risk analysis, stakeholder engagement, and consistent execution of Cyber GRC processes. **Key Responsibilities** **Cyber Risk Management** + Support the identification, assessment, and documentation of cyber risks across technology and business domains. + Maintain accurate and up‑to‑date cyber risk records, including risk statements, impact assessments, controls, and remediation plans. + Work with Designated Risk Owners to ensure risks are clearly articulated in business‑relevant terms and appropriately owned. + Track risk treatment activities, issues, and remediation progress, highlighting delays or concerns for escalation. + Contribute to cyber risk reporting and dashboards to support management and senior stakeholder visibility. + Promote a pragmatic, risk‑based approach to cybersecurity decision‑making across technology initiatives and operational activities. **Third‑Party Risk Management** + Support the execution of the third‑party cyber risk management (TPRM) process in line with business criticality and risk appetite. + Perform supplier cyber risk assessments and reviews, working with Procurement, Legal, and Technology stakeholders. + Track third‑party remediation actions, risk acceptances, and reassessments through to closure. + Support material supplier risk discussions by preparing risk summaries, evidence reviews, and decision documentation. + Maintain accurate third‑party risk data to support reporting, metrics, and audit or assurance activities. **Stakeholder Engagement & Collaboration** + Partner with Technology, Data Privacy, Procurement, and Risk Owners to gather information and support risk assessments. + Act as a point of contact for cyber risk and third‑party risk queries within defined areas of responsibility. + Escalate emerging risks, issues, or blockers to the Team Manager with clear analysis and recommended next steps. + Contribute to a positive risk culture by supporting constructive, solution‑focused conversations. **GRC Process, Tooling & Continuous Improvement** + Follow and consistently apply Cyber GRC frameworks, standards, and processes. + Use GRC tooling effectively to manage risk workflows, evidence, and reporting. + Identify opportunities to simplify risk documentation, improve data quality, or streamline processes. + Support audits, assessments, and regulatory or assurance activities by providing accurate risk evidence and analysis. **Key Skills & Experience** + Experience in cybersecurity risk management, third‑party risk, IT risk, or GRC within a complex organisation. + Working knowledge of cyber risk frameworks such as ISO 27001, NIST CSF, or SOC2. + Strong analytical skills, with the ability to assess risk scenarios and control effectiveness. + Ability to communicate risk clearly and concisely in written and verbal form. + Strong attention to detail and ability to manage multiple tasks and priorities. + Comfortable working with stakeholders across technical and non‑technical teams. + Professional certifications or progress toward certifications desirable (e.g. CRISC, CISM, CISSP, CISA). **What Success Looks Like** + Cyber risks are accurately identified, documented, and tracked through to resolution or acceptance. + Risk data is complete, consistent, and reliable, supporting meaningful reporting and decision‑making. + Third‑party cyber risks are assessed proportionately and managed without creating unexpected exposure. + Stakeholders experience Cyber GRC as a helpful, pragmatic partner rather than a compliance hurdle. + The Cyber GRC team operates efficiently with clear visibility of risk posture and priorities. **Why Join Us** + Opportunity to develop deep expertise in cyber risk and third‑party risk management. + Exposure to a wide range of technology, suppliers, and business stakeholders. + Clear development pathway within a maturing Cyber GRC capability. + Supportive environment with strong focus on learning, growth, and professional development. **Who we are:** At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson. Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com. **Job:** Security **Job Family:** TECHNOLOGY **Organization:** Corporate Strategy & Technology **Schedule:** FULL\_TIME **Workplace Type:** Hybrid **Req ID:** 22978