Information Security Risk Analyst
top 3 scores:
Location flexibility
Autonomy
Hours flexibility
Job Description
The Defence Security Team looks to support all teams throughout the business and meet objectives in the most secure manner possible. Collaborating closely with the Core Security Team and Engineering teams, we identify and safeguard assets against malicious threats, promptly responding to and recovering from various security incidents.
We are responsible for managing security risks in three core domains - Cyber, Personnel, and Physical. As our clients have specific security requirements, our team plays a vital role in implementing robust security controls for defined outcomes and maintaining tailored assurance measures. Currently, we are seeking a proactive and systematic Security Analyst to spearhead the development of an effective security culture across all business functions.
Your Opportunity:
- Lead security risk assessments across different security domains, projects, operational requirements, and technical change initiatives.
- Enhance and refine the Information Security Management System (ISMS) to align with the company's current practices.
- Develop new metrics, KPIs/KRIs to strengthen risk management capabilities.
- Effectively communicate the security implications of technical decisions, risk mitigation strategies, and alignment with risk tolerance levels to stakeholders at all organizational levels.
- Participate in due diligence and ongoing risk management activities related to supply chain operations.
- Analyze and interpret threat intelligence to offer risk advisory and tutorial services to various Defence teams.
- Oversee the creation and maintenance of new security standards and procedures to enhance staff security culture, including support for personnel and physical security processes in line with HMG handling requirements.
Why You're Made For This:
- Demonstrated expertise in ISO27001 or NIST CSF.
- Familiarity with risk management principles, best practices, and emerging toolkits such as Cyber Essentials and/or ISO27001.
- Understanding of ISO 9001 and Quality Management Systems (QMS) and their interactions with ISO 27001.
- Knowledge of internal audits and their value in managing organizational systems.
- Experience with UKSV Vetting, including staff clearance management and vetting awareness campaigns.
Company benefits
We asked employees of Improbable what it's like to work there, and this is what they told us.
Working at Improbable
Office locations
Hiring Countries
United Kingdom