Job Details


Cyber Risk Analyst, CRISC, NIST, Archer, BWise, Technology Risk

Washington, Greater London, United Kingdom, Permanent

Cyber Security Strategic Risk Analyst/Technology Risk - GRC, Archer, BWise, Paisley, COSO, ISO, OCEG, NIST, CRISC, FAIR

Currently a 100% WFH environment, with the longer-term intention that this role will be a minimum of 3 days WFH on a permanent basis.

Benefits: Competitive Salary; Double matched Pension to 18%; 28 Days Holiday; Private Medical Insurance; Life Assurance; Up to 15% Bonus scheme

The Information/Cyber Security Strategic Risk Senior Analyst role is a management developmental role, providing a fast-paced and challenging opportunity for highly motivated individuals seeking to grow into a leadership role in the future. The role provides an exciting career development opportunity with direct exposure to leadership and stakeholders across the business, working in a variety of different business environments.

This position is a unique opportunity in the Cyber Security field to work across three essential environments:

  • Information Technology (IT)
  • Critical National Infrastructure (CNI)
  • Operational Technology (OT)

The purpose of the team is to perform and maintain strategic cyber security risk assessments and improvement plans for IT and OT environments across Gas, Electric and System Operator environments (ICS, SCADA, Substations, LNG).

The Cyber Security Strategic Risk Analyst will:

  • Monitor risks by defining and managing key cyber risk and performance indicators.
  • Drive integration and automation flows within security enterprise risk management tooling.
  • Maintain risks leveraging quantified threat, control, forecast and vulnerability data.
  • Manage exceptions and evidence, and log compensating controls.
  • Visualise dynamic relationships and actionable process flows between risks, threats, incidents, vulnerabilities and controls.
  • Establish and manage measures for forecasting security programme benefits.
  • Contribute to quantitative and qualitative risk and regulatory reporting to management and senior leaders.
  • Participate in the development of risk-driven improvement plans.
  • Contribute to cyber security risk and controls assessments.
  • Support the development of risk measures using MITRE ATT&CK.
  • Lead monthly data-driven Risk & Threat alignment workshops.
  • Provide assurance that business-critical system risks, business risks and regulatory gaps are known and either accepted or effectively mitigated, through data-driven insights and reporting.
  • Maintain risks within the enterprise risk management platform.
  • Develop current-state and forecast views of controls and risks.
  • Refine, document, automate and test key risk management processes.
  • Perform quarterly and bi-annual risk reporting for senior leaders.
  • Support the delivery of security risk assessments where required.
  • Work closely with project delivery towers to ensure that projects deliver their expected outputs, leading to reduced risk and realised benefits/value.

Technical Know-How:

  • A working understanding of and/or implementation experience with a variety of GRC tools (e.g. Archer, BWise, Paisley).
  • Excellent O365 skills, including Excel and SharePoint (knowledge of VBA).
  • Experience in defining and implementing risk management and/or compliance programmes, including risk governance, risk appetite, tolerance, risk assessment, risk mitigation strategies, and integration of risk management with strategic/business planning processes.
  • Experience with data analytics and data visualisation, with excellent attention to detail when working with data sets and reporting.
  • Ability to communicate complex messages both orally and in writing using quantitative and qualitative measures.
  • Experience with MITRE ATT&CK desirable but not essential.
  • Experience with Microsoft Visio desirable but not essential.
  • Able to operate as a highly independent, motivated worker and as part of a strong team with a collaborative approach, delivering high-quality outputs.
  • Demonstrable security and enterprise risk management experience (e.g. COSO, ISO, OCEG, NIST).
  • Demonstrable experience working with industry best practices and regulatory and security control frameworks (NIST, ISO 27001, NIST CSF).
  • Previous IT experience required; OT experience desired but not essential.
  • Familiarity with NERC CIP standards and other regulations such as NIS-R and GDPR.
  • 3+ years' experience in managing Cyber Security Risk.
  • Experience in Cyber Security (risk management, strategy, operations, etc.).
  • Relevant security risk qualifications (e.g. CRISC, FAIR).
  • Educated to degree level (or an equivalent combination of education and experience).
  • Experience with NIS-R.
  • Information Security qualifications such as CISSP, CISM, CISA or a relevant certification.
  • The ability to obtain and maintain security clearance.
