Cyber Security Risk Analyst
On behalf of the Cabinet Office, we are looking for a Cyber Security Risk Analyst (Inside IR35) for a 7-month contract hybrid role 2 days per week in London.

SC Clearance is an essential requirement for this role, (at the very least you will need to be eligible for SC Clearance).

Cyber Security Risk Analyst - Cyber control often from application of first principles.

Experience working in a professional services environment.
Hands-on experience conducting cyber risk assessments and developing cyber risk mitigation strategies.
Hands-on experience conducting cyber security control assessments.
Hands-on knowledge and experience working with recognised security frameworks such as NCSC CAF, ISO27001, ISO 27005, ISO 31000, NIST 800-53.
Strong interpersonal and communication skills (written and verbal), with the ability to interact with technical and non-technical stakeholders at all levels and build consensus across diverse stakeholders.
Acknowledges and responds positively to exceptional events in information security to meet the objectives of the business.

Required Disciplines

Business need:
The ability to elicit security requirements that support the overall business need based on straightforward analysis.
The ability to directly map between security requirement and business need.
Clear understanding that security must support organisational priorities and needs.

Security direction and governance:
Understanding, support of and participation in enabling organisational cyber security governance.
The ability to communicate risk and security concepts effectively in accessible ways that can be clearly understood by business leaders or their delegated representatives.

Risk assessment:
Sound understanding and evidence of application of the fundamental principles of risk assessment.
Experience of defining approaches to, and delivering, or enabling the delivery of, comprehensive risk assessments using suitable risk assessment.
Able to articulate both a top-down view of risk as well as more traditional component-based risk assessment activity.
Clear explanation of any threat assumptions made and the use of sources of information to illuminate their threat assumptions.
The ability to determine and understand the security characteristics of a system to understand actual or potential vulnerabilities.
Combine all the components of risk to arrive at a meaningful assessment and articulation of risk.

Risk treatment:
Understanding of how the output of the risk assessment dovetails into risk treatment and that there is traceability between the most significant identified risks and the measures designed to manage those risks effectively.
The ability to provide contextualised security advice appropriate to the overall business need delivered with awareness of the sector or environment within which the candidate operates.
Competence and understanding in some technology areas relevant to cyber security in the scenarios or sectors in which they have experience.
An understanding that risks cannot always be fully mitigated.
A clear understanding of options such as risk acceptance or transference as well as risk reduction and the role of technical, physical, personnel and procedural controls as a through-life activity.

Assurance:
Understanding of the provision of through-life assurance at a service/system as well as component level.
The ability to apply different assurance approaches with clear understanding of the pros and cons of each and using this understanding to develop approaches to assuring systems and business processes.

Please be aware that this role can only be worked within the UK and not Overseas.