(Remote/Home Working - ideally based in South West or South East)
The role is responsible for performing risk assessments and analysing risks in various areas of the business, with a view to determining the effectiveness of security, operational, process, people and other controls.
Perform RA (Risk Assessments) and present the results, recommend actions to address risk and drive towards best practice
Perform the first (and, for the Senior Analyst, in-depth) level of analysis for data acquired and produce actionable insight
Own and maintain the risk management framework and artefacts for the company (asset lists and categorisation, risk registers, RA templates, risk acceptance forms, etc.)
Follow (and, for the Senior Analyst, also create and improve) processes and procedures to perform risk analysis and risk management activities
Introduce risk management principles in our existing policies, procedures and standards; ensure they are relevant to the company and its operations, that they are kept up to date and continuously improved
Experience in compliance, auditing, data protection, information security, risk management or a related field
Expertise in taking policy statements and translating them into actual, implementable, risk and security controls that can be monitored, audited and constantly improved. Ability to judge their effectiveness and recommend improvements.
Ability to operate data mapping and risk assessment tools and processes that identify risks to business assets and operations
Provide insight into the key areas of risk for the business and provide suggestions on mitigation/treatment
Good understanding of common information risk and security management standards, frameworks, and laws / regulations: e.g. CIS Top20, ISO/IEC 27001, NIST 800-53, BSIMM, GDPR, FAIR, etc.