Information Security Risk Analyst
Job description
We're looking for an Information Security Risk Analyst to support the identification, assessment, and management of security and technology risk across the business.
You will play a key role in maintaining the risk framework, working closely with stakeholders across IT, security, and the wider business to ensure risks are understood, quantified, and actively managed.
What you'll do
Conduct risk assessments across technology systems, projects, and third-party suppliers
Maintain and update the information security risk register, tracking remediation activity
Assess the design and effectiveness of security controls, identifying gaps and improvements
Perform control testing and validate key risk indicators
Support internal and external audits
Monitor emerging threats and recommend appropriate mitigation actions
Work with stakeholders across IT and business teams to manage risk effectively
Produce clear, concise reporting for both technical and non-technical audiences
Contribute to the continual improvement of the ISMS
Support vulnerability management activities
Requirements
Do you want to move beyond tracking risk and start influencing how it's managed across a business?
Are you confident translating technical security risks into clear, commercial decisions for stakeholders?
Experience in information security or technology risk
Strong understanding of risk assessment approaches and frameworks
Knowledge of standards such as ISO 27001 or NIST
Strong analytical and problem-solving capability
Ability to communicate complex risks in clear, business-facing language
Experience working with risk tools or systems
Experience within financial services or a regulated environment
Relevant certifications (CRISC, CISM, CISSP, ISO 27001)
Experience with reporting tools such as Power BI