Job Details

Cyber Security Risk Analyst: GRC, Archer, BWise, Paisley, COSO, ISO, O

London, Warwickshire, United Kingdom, £62500.00-62500.00 Annual, Permanent


Cyber Security Strategic Risk Analyst - GRC, Archer, BWise, Paisley, COSO, ISO, OCEG, NIST. CRISC, FAIR

Currently a 100% WFH environment with the longer term intention that this role will be a minimum of 3 days WFH on a permanent basis

Benefits: Competitive Salary; Double matched Pension to 18%; 28 Days Holiday; Private Medical Insurance; Life Assurance; Up to 15% Bonus scheme

The Information Security Strategic Risk Senior Analyst role is a management developmental role, providing a fast-paced and challenging opportunity for highly motivated individuals seeking to grow into a leadership role in the future. The role provides an exciting career development opportunity with direct exposure to leadership and stakeholders across the business, working in a variety of different business environments.

This position is a unique opportunity in the Cyber Security field to work across three essential environments:

  • Information Technology (IT)
  • Critical National Infrastructure (CNI)
  • Operational Technology (OT)

The purpose of the team is to perform & maintain strategic cyber security risk assessments & improvement plans for IT and OT environments across Gas, Electric & System Operator environments (ICS, SCADA, Substations, LNG).

The Cyber Security Strategic Risk Analyst will:

  • Monitor risks by defining and managing key cyber risk and performance indicators.
  • Drive integration and automation flows within security enterprise risk management tooling.
  • Maintain risks leveraging quantified threat, control, forecasts & vulnerability data.
  • Manage exceptions and evidence, and log compensating controls.
  • Visualise dynamic relationships and actionable process flows between risks, threats, incidents, vulnerabilities and controls.
  • Establish & manage measures for forecasting security programme benefits.
  • Contribute to quantitative and qualitative risk and regulatory reporting to management and senior leaders.
  • Participate in development of risk-driven improvement plans.
  • Contribute to cyber security risk and controls assessments.
  • Support development of risk measures using MITRE ATT&CK.
  • Lead monthly data driven Risk & Threat alignment workshops.
  • Provide assurance that business critical system risk, business risks, and regulatory gaps are known and accepted or effectively mitigated through data driven insights and reporting.
  • Maintain risks within enterprise risk management platform.
  • Develop current state and forecast control and risk forecasts.
  • Refine, document, automate and test key risk management processes.
  • Perform quarterly and bi-annual risk reporting for senior leaders.
  • Support the delivery of security risk assessments where required.
  • Work closely with project delivery towers to ensure that projects are delivering expected output, leading to reduced risk and realising benefits/value.

Technical Know How:

  • A working understanding of and/or implementation experience with a variety of GRC tools (e.g. GRC, Archer, BWise, Paisley)
  • Excellent O365 skills - including Excel and SharePoint (Knowledge of VBA)
  • Experience in defining and implementing risk management and/or compliance programs, including risk/governance, risk appetite, tolerance, risk assessment, risk mitigation strategies, integration of risk management and strategic/business planning processes.
  • Experience with data analytics and data visualisation with excellent attention to detail when working with data sets and reporting
  • Communicating complex messages both orally & in writing using quantitative & qualitative measures.
  • Experience with MITRE ATT&CK desirable but not essential.
  • Experience with Microsoft Visio desirable but not essential.
  • Able to operate as a highly independent motivated worker and as part of a strong team with a collaborative approach, delivering high-quality outputs.
  • Demonstrable security and enterprise risk management experience (i.e. COSO, ISO, OCEG, NIST).
  • Demonstrable experience working with industry best practices, regulatory and security control frameworks (NIST, ISO 27001, NIST CSF)
  • Previous experience of IT required, and OT desired but not essential.
  • Familiar with NERC CIP Standards and other regulations such as NIS-R, GDPR, etc.


  • 3+ years' experience in managing Cyber Security Risk.
  • Experience in Cyber Security (Risk management, Strategy, Ops, etc.)
  • Relevant security risk qualifications (i.e. CRISC, FAIR).
  • Educated to degree level (or equivalent combination of education and experience)
  • Experience with NIS-R
  • Information Security Qualifications such as CISSP, CISM, CISA or relevant certification.
  • The ability to obtain and maintain security clearance

Main Interfaces

  • Business Units (CNI, Gas OT, Electric OT, IT, across US & UK)
  • Technology Risk & Compliance
  • Security Architecture
  • Product Strategy Leads & Engineering Teams
  • IT & Security Operations
  • Procurement
  • Regulatory
  • Physical Security
  • Senior Leadership
  • Audit (internal and external)

About us

The company touches the lives of almost everyone in the UK, with an energy network that stretches across the Atlantic. We're an international team, and our work underpins the lives of millions of people. Feet forwards, head up, and eyes bright, we're working hard to create value for people today - and shape the future of energy tomorrow.

In the UK, we don't generate or sell energy - we join the dots to get energy from A to B. From making a cup of tea in the morning, to keeping the lights on in hospitals, our electricity network puts power in the hands of people. Without it, the world as we know it would grind to a halt.

Working here, you won't just be touching the lives of almost everyone in the UK - you'll be shaping the way we use and consume energy for generations to come.

As an employee, you'll treat our customers as a priority, taking time to listen and work with them to help give them the best experience we possibly can. You'll need to be proactive and flexible in your approach and continually look for ways to exceed their expectations - sometimes in unexpected and helpful ways. You'll provide accessible information when our customers need it and make things simple by using your expertise to guide them. Above all, you'll follow through on your promises to deliver value, drive efficiency and give them a great customer experience.

We offer inclusion and diversity training for everyone here, with a view to building an inclusive working environment and developing all our employees. Training opportunities range from unconscious bias and reverse mentoring to targeted training initiatives which are tailored to support our diverse and innovative work force.
