.OverviewWELCOME TO SITAWe're the team that keeps airports moving, airlines flying smoothly, and borders open. Our tech and communication innovations are the secret behind the success of the world's air travel industry.You'll find us at 95% of international hubs. We partner closely with over 2,500 transportation and government clients, each with their own unique needs and challenges. Our goal is to find fresh solutions and cutting-edge tech to make their operations run like clockwork. Want to be a part of something big? Are you ready to love your job? The adventure begins right here, with you, at SITA. ABOUT THE ROLE & TEAMSupporting the cyber security risk management Team Leader, the Cybersecurity Senior Risk Analyst will contribute to IT risk management practice within SITA EISO team by maintaining and enhancing the IT risk management framework, managing IT exceptions, and supporting third-party vendor risk assessments and monitoring.As part of the second Lines of Defense (2LoD), the Senior Risk Analyst will also support business and IT projects and collaborate with IT operations teams to assess risks and make objective recommendations to mitigate them.WHAT YOU WILL DOMaintain and improve the IT security risk assessment framework.Provide an objective review of business documented identified IT security risks, mitigating controls and support to risk owner for decision.Maintain a register of IT risks throughout their lifecycle.Maintain and improve third-party risk vendor assessment methodology.Carry out security posture and level of assurance review of third parties, document the assessment evaluation and present the results and recommendations to business owner.Manage and maintain the security exception handling process, including review of the exception request, risk approval and tracking of the resolution with the exception owner.Produce and report IT risk management KPIs and KRIs on a monthly basis.Document findings, analysis, and recommendations in clear and concise reports for both technical and non-technical stakeholders.Navigate and work effectively across a complex, geographically dispersed organization.QualificationsABOUT YOUR SKILLS3 to 5 years of information system/cyber risk and control management experience, including risk identification, risk analysis and assessment, risk response and remediation.Relevant certification desired: CISA, CISM, CISSP, CIA, CIPP, or related.Practical experience of assessing risks associated with third-party suppliers and reviewing assurance documents relating to security and IT controls provided by third parties (e.G. ISO 27001, SOC2 certifications, etc.).Practical experience of managing an IT exception handling process.Ability to influence and engage with risk owner and senior management.Ability to adapt quickly to changing priorities and demands