Cyber Risk Analyst

We are working with a large, regulated organisation delivering critical national infrastructure services. Operating across complex IT and OT environments, the organisation places strong emphasis on cyber resilience, regulatory compliance, and effective risk management.

They are seeking a Cyber Risk Analyst to support their Governance, Risk & Compliance (GRC) function. This is a hands‑on delivery role focused on identifying, assessing, and managing cyber, information security, and OT risks across the organisation.

The role reports into the Information Security Manager and works closely with IT teams, risk owners, and third‑party suppliers to ensure cyber risks are clearly understood, proportionately treated, and accurately reported.

• Deliver qualitative and quantitative cyber, IT and OT risk assessments using recognised risk management practices
• Identify, assess, document and monitor cyber and information security risks across enterprise and operational environments
• Maintain accurate, up-to-date risk records, including risk treatment plans and control profiles
• Support the wider GRC function by gathering risk‑related data and contributing to mitigation planning and reporting
• Support supply chain and third‑party cyber risk assessments in collaboration with security assurance teams
• Contribute to the development of cyber risk quantification capability, translating technical risk into financial and business impact
• Support compliance with internal controls and external regulatory and legislative requirements

• 3–5 years’ experience in cyber or information security risk
• Experience with frameworks such as ISO 27005, OCTAVE, FAIR/FAST
• Exposure to standards like ISO 27001, NIS‑D CAF, NIST CSF, IEC 62443
• Hands‑on experience in conducting risk assessments and management