Enterprise Security Risk Analyst

Department for Work and Pensions (DWP)
Glasgow, United Kingdom
4 days ago

Role details

Contract type
Permanent contract
Employment type
Part-time (≤ 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 60K

Job location

Glasgow, United Kingdom

Tech stack

Computer Security
SAP Applications

Job description

The Enterprise Security Risk Analyst is a senior analytical and leadership role within DWP's Enterprise Security Risk Management (ESRM) function. The postholder leads one of the department's four security risk domains - Cyber & Information Security, Personnel Security, Physical Security, or Supply Chain Security - and is responsible for producing high-quality enterprise-level security risk assessments that inform decision-making at the highest levels including Director General Finance, the Executive Team, and Departmental Audit & Risk Assurance Committee (DARAC).

This role has evolved in recent years from traditional, system-based assessments to true enterprise security risk analysis - understanding the big picture, synthesising information, and articulating how security risks could impact the department's ability to operate, deliver services, maintain resilience, and protect staff, data, and assets.

The postholder leads a small team, orchestrating complex analytical work across multi-layered risk scenarios, and works extensively with senior stakeholders across Digital, Estates, People Safety, Commercial, Risk & Resilience, and wider security stakeholders. Their work directly shapes DWP's security posture, prioritisation, and investment decisions.

Key Responsibilities

Lead an Enterprise Security Risk Domain

Hold responsibility for one of four domains (Cyber, Physical, Personnel, Supply Chain).

Develop, maintain and lead the production of quarterly Enterprise Security Risk Products for senior leaders.

Oversee multi-layered risk analysis covering threat scenarios, impacts, controls, and residual risk.

Deliver Complex Security Risk Analysis

Break down large, ambiguous or abstract security problems into structured analytical components.

Gather, evaluate and synthesise information from diverse sources, including digital risk data, system-level risk assessments, threat intelligence, estate vulnerabilities, resilience data and people safety insights.

Apply structured analytical methods to generate robust findings, uncertainty judgements, and evidence-based conclusions.

Influence Decision Makers

Produce clear, actionable insights to inform DG-level decision-making, risk appetite setting, and departmental prioritisation.

Articulate business impacts: how risks could affect operations, resilience, service delivery, customer experience, staff safety or data protection.

Support senior leaders (e.g., Director General for Finance) by outlining options, consequences and recommended mitigations.

Stakeholder Leadership and Engagement

Build strong relationships with senior stakeholders across Digital, Estates, People Safety, Risk & Resilience, Commercial and wider security teams.

Coordinate and convene stakeholders to gather evidence, test assumptions and validate analysis.

Ensure alignment across functions and build consensus around risk understanding, mitigations and priorities.

Team Leadership and Delivery Management

Lead, mentor and quality-assure the work of a small team of colleagues.

Task and oversee scenario-level analysis (e.g., physical estate failure scenarios, cyber resilience scenarios).

Shape team capability, drive continuous improvement and support professionalisation of ESRM's analytical approach.

Strategic and Tactical Risk Support

Lead thematic/strategic risk assessments for priority business areas (e.g., arm's length bodies).

Deliver tactical assessments when the business requests security input on emerging issues (e.g., reviewing mail-screening contracts, new operating models, or outreach activities).

Provide options and recommendations while enabling the business to understand and own its risk decisions.

Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).

Family friendly policies including enhanced maternity and shared parental leave pay after 1 year's continuous service.

Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.

An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more.

Process: We know your time is valuable, so our application and selection process is just two stages.

Requirements

Experience providing analysis, risk assessment, or decision support within complex, multi-team environments - ideally in large organisations with distributed accountabilities - alongside a strong understanding of security or risk principles. Transferable experience (such as threat analysis, operational risk, resilience, or intelligence) is equally valuable. No mandatory qualifications required.

Exceptional analytical skills - able to break down complex or ambiguous security or operational problems into structured components, make evidence-based judgements, and articulate uncertainty clearly.

Leadership experience - experienced in driving change and enhancing the professionalism of a team or function, while also providing guidance and quality assurance to colleagues.

Ability to understand and communicate business impact - translating security, technical or operational issues into clear consequences for service delivery, resilience, staff safety or organisational performance.

Strong stakeholder engagement and influencing capability - able to identify the right stakeholders, gather insight, test assumptions and build shared understanding, including with senior leaders.

Benefits & conditions

Pay up to £64,946, plus 28.97% employer pension contributions, hybrid working, flexible hours, and great work life balance.

Alongside your salary of £64,946, Department for Work and Pensions contributes £16,786 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

DWP have a broad benefits package built around your work-life balance which includes:

Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.

Generous annual leave - at least 26 days on entry, increasing up to 31 days over time (pro-rata for part time employees), plus 9 days public and privilege leave.

Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
