IT Security Risk Analyst - Remote/Home Working

  • Sector:

    IT Security / Information Security

  • Job type:

    Permanent

  • Salary:

    £60k + Bonus + Benefits

  • Contact:

    Simon Wood

  • Contact email:

    simon.wood@requiredit.com

  • Job ref:

    8793

  • Published:

    about 1 month ago

  • Expiry date:

    2020-11-21

  • Start date:

    ASAP

(Remote/Home Working - ideally based in South West or South East)

The role is responsible for performing risk assessments and analysing risks across various areas of the business, with a view to determining the effectiveness of security, operational, process, people and other controls.


Core Responsibilities:

  • Perform RA (Risk Assessments) and present the results, recommend actions to address risk and drive towards best practice

  • Perform the first (and, for the Senior Analyst, in depth) level of analysis for data acquired, produce actionable insight

  • Own and maintain the risk management framework and artefacts for the company (asset lists and categorisation, risk registers, RA templates, risk acceptance forms, etc.)

  • Follow (and, for the Senior Analyst, also create and improve) processes and procedures to perform risk analysis and risk management activities

  • Introduce risk management principles in our existing policies, procedures and standards; ensure they are relevant to the company and its operations, that they are kept up to date and continuously improved

Your Skills:

  • Experience in compliance, auditing, data protection, information security, risk management or related field

  • Expertise in taking policy statements and translating them into actual, implementable risk and security controls that can be monitored, audited and continuously improved; ability to judge their effectiveness and recommend improvements

  • Ability to operate data mapping and risk assessment tools and processes that identify risks to business assets and operations

  • Provide insight into the key areas of risk for the business and provide suggestions on mitigation/treatment

  • Good understanding of common information risk and security management standards, frameworks, and laws/regulations, e.g. CIS Top 20, ISO/IEC 27001, NIST 800-53, BSIMM, GDPR, FAIR