Senior IT Risk Analyst

Position:

Senior IT Risk Analyst

Job Description:

Position Overview

Arrow Electronics is seeking a highly motivated IT Risk Analyst (Mid–Senior Level) to join our global IT Risk team. This role plays a critical part in supporting and leading ISO 27001 certification initiatives, including hands-on participation in internal and external audits from the auditee perspective and ongoing certification maintenance for existing Arrow sites.

The ideal candidate brings practical experience in IT Governance, Risk and Compliance, supporting and leading ISO 27001 audits, strong written and verbal communication skills, and a proactive, “can‑do” mindset. In addition to ISO certification efforts, this role will support broader IT Risk activities, including managing customer and third‑party security questionnaires, intake queue monitoring, corrective actions and cybersecurity documentation and tracking, and other IT Risk initiatives as assigned.

What You’ll Be Doing

ISO 27001 & Certification Support

• Actively participate in and lead ISO 27001 audits from the auditee perspective, including preparation, execution, and follow‑up activities.
• Support initial certifications, re-certifications, and surveillance audits for Arrow sites in APAC region.
• Coordinate with internal stakeholders (IT, Security, Business, Legal, HR, Quality and Compliance teams) to ensure audit readiness and timely closure of findings.
• Contribute to certification project planning, tracking milestones, risks, and dependencies.
• Support continuous improvement of the Information Security Management System (ISMS).

IT Risk & Governance Activities

• Support enterprise IT risk assessments, including identification, documentation, and tracking of risks and mitigation plans.
• Respond to customer, partner, and internal security questionnaires in alignment with Arrow’s policies, standards, and control environment.
• Monitor and manage IT Risk intake queues, ensuring timely triage, response, and follow‑up.
• Assist with internal, external, and customer audits beyond ISO 27001, as required.
• Maintain risk, audit, and compliance documentation in designated GRC tools and repositories.
• Perform other IT Risk–related tasks as assigned to support team objectives.

What We’re Looking For

Required Qualifications

• Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field; or equivalent practical experience.
• 8-10 years of relevant experience
• Hands-on experience supporting and leading ISO 27001 audits from the auditee perspective.
• Strong understanding of information security and IT risk management principles.
• Excellent written and verbal communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.
• Self-starter with strong initiative, accountability, and a positive, “can‑do” attitude.
• Proven ability to manage multiple priorities in a fast‑paced, global environment.

Preferred Qualifications & Certifications

• Professional certifications such as CISA, CISM, CRISC (or equivalent), is a plus.
• ISO 27001 Lead Auditor or Lead Implementer certification is a must
• Experience working within a global or enterprise-scale IT Risk or compliance program.
• Familiarity with additional frameworks and standards such as NIST CSF, SOC 2, PCI DSS, CIS is a plus.
• Experience using GRC platforms and audit/risk tracking tools is beneficial.

What’s In It for You

• Opportunity to play a key role in Arrow’s global ISO 27001 program.
• Exposure to a wide range of IT Risk, audit, and compliance initiatives across a Fortune 500 organization.
• Collaborative, high-performing team environment with opportunities for growth and professional development.

About Arrow:

Arrow Electronics, Inc. (NYSE: ARW), an award-winning Fortune 154 and one of Fortune Magazine’s Most Admired Companies. Arrow guides innovation forward for over 220,000 leading technology manufacturers and service providers. With 2024 sales of USD $27.9 billion, Arrow develops technology solutions that improve business and daily life. Our broad portfolio that spans the entire technology landscape, helps customers create, make and manage forward-thinking products that make the benefits of technology accessible to as many people as possible. Learn more at www.arrow.com.

Our strategic direction of guiding innovation forward is expressed as Five Years Out, a way of thinking about the tangible future to bridge the gap between what's possible and the practical technologies to make it happen. Learn more at https://www.fiveyearsout.com/. 

For more job opportunities, please visit https://careers.arrow.com/us/en.

Location:

IN-KA-Bangalore, India (SKAV Seethalakshmi) GESC

Time Type:

Full time

Job Category:

Information Technology