Senior Analyst - Cyber Security Metrics

For more than 40 years, Accelya has been the industry’s partner for change, simplifying airline financial and commercial processes and empowering the air transport community to take better control of the future. Whether partnering with IATA on industry-wide initiatives or enabling digital transformation to simplify airline processes, Accelya drives the airline industry forward and proudly puts control back in the hands of airlines so they can move further, faster.

Senior Analyst - Cyber Business Services

Mumbai

Role purpose

Senior Analyst – Cyber Business Services is responsible for ensuring the organization’s cybersecurity practices align with relevant industry regulations, internal policies, and best practices. This role focuses on providing customer security assurance by assessing, monitoring, and maintaining compliance with cybersecurity frameworks and standards, ensuring that risk management protocols and controls are effectively integrated across the organization’s operations. The Senior Analyst will collaborate with IT, legal, audit, and other departments to manage and address compliance risks related to cybersecurity and data protection, providing expert guidance on compliance requirements and helping to implement necessary improvements to the company’s security posture. The Senior Analyst is responsible for developing dashboards and presenting them to Senior Management.

Duties & Responsibilities

Cybersecurity Compliance Management

• Ensure that the organization’s cybersecurity policies, procedures, and controls comply with relevant standards, regulations, and frameworks (e.g., GDPR, CCPA, ISO 27001, NIST, PCI DSS).
• Provide Level 1 cybersecurity support by triaging and resolving incoming requests through a ticketing platform.
• Standardize the security request workflow by ensuring consistency and effective management
• Work closely with legal, audit, products and IT teams to complete Cyber security assessments and Cyber Risk assessments
• Partner with business units to resolve cybersecurity compliance issues, ensuring proper implementation and ongoing maintenance of all required security controls.
• Review and respond to the security and compliance sections of customer RFPs/RFIs, ensuring alignment with organizational policies and industry standards (e.g., ISO 27001, NIST).
• Coordinate and manage third-party vendors for VAPT activities across applications and collaborate with internal teams for remediation of vulnerability
  
  

• Evaluate the effectiveness of current security controls and practices to ensure compliance with external regulations and internal security policies.
• Identify compliance risks, control weaknesses, and areas for improvement through Customer SLA/Security assessments, gap assessments, and through metrics
• Collaborate with stakeholders to implement corrective actions and preventive actions for any cybersecurity compliance issues identified, tracking the resolution process to ensure timely and effective remediation.
• Participate in risk assessments to identify cybersecurity threats and evaluate the customer and business exposure to compliance-related risks, particularly in high-risk areas.
  
  

• Stay up to date on relevant regulations, cybersecurity trends, and best practices to ensure the company remains compliant with applicable laws and frameworks.
• Participate and supporting external audits and assessments related to cybersecurity compliance, providing necessary documentation, evidence, and reports.
• Assist in PCI and ISO 27001 external Audits
• Guide the development of compliance programs and initiatives, ensuring they align with the organizations overall cybersecurity and business objectives.
  
  

• Create and Manage Power BI reports for CISOs Dashboard
• Implement Security metrics and KPI, providing regular reports to Management
• Implement Security metrics and KPIs to ensure compliance with customer SLAs
• Communicate compliance and cybersecurity risks to key stakeholders, providing actionable insights to enhance decision-making processes.
  
  

• Support the organization’s incident response team in addressing compliance-related issues arising from security breaches or data protection incidents.
• Help track and report on incidents related to cybersecurity compliance, ensuring that they are resolved in accordance with applicable regulations and internal policies.
• Assist in identifying lessons learned from security incidents and developing preventive measures to reduce future compliance risks.
  
  

• 7+ years of experience in cybersecurity, compliance, or risk management, with a focus on ensuring adherence to cybersecurity standards and regulations.
• Experience in developing and managing cybersecurity metrics and KPIs using Excel, Power BI, and other relevant tools.
• Experience in managing cybersecurity projects and coordinating with external vendors for testing and compliance activities.
• Airline background (Preferred)
• Experience in working with regulatory frameworks such as ISO 27001, NIST, GDPR, CCPA, PCI DSS, or SOC 2.
• Proven experience in preparing ISO 27001 SOA, internal and external audits, compliance reviews and KPI reporting in a corporate or enterprise setting.
• Familiarity with cybersecurity concepts, controls, and best practices in data protection, threat management, and regulatory compliance.
• Experience in driving process improvements to enhance the organization’s security posture.
• Knowledge of or hands-on experience with automation tools and processes in a cybersecurity context.
  
  

• Open culture and challenging opportunity to satisfy intellectual needs
• Flexible working hours
• Smart working: hybrid remote/office working environment
• Work-life balance
• Excellent, dynamic and multicultural environment