Cyber and IT Risk
Cyber and IT Risk Analyst

Location: Hybrid (c. 3-4 times per month in the Staines area)
Type: Full-time, Permanent
Salary: £62,000 - £79,000 per annum + Benefits

Foundations Executive Search is proud to be partnering with one of the UK's most prestigious and recognised brands to support the appointment of a Cyber and IT Risk Analyst.

This is a fantastic opportunity for an analytical, detail-driven cyber risk professional to join a nationally critical organisation undergoing significant digital transformation.
You'll be supporting enterprise-wide cyber risk decision-making at scale, helping to shape and mature security practices across a complex operational environment.

The Opportunity

As a Cyber and IT Risk Analyst, you will play a vital role in supporting the enterprise security team to assess, manage, and remediate cyber and IT risks. Working closely with a wide range of stakeholders, you'll ensure that cyber risk is measured, tracked, and embedded within broader technology and business decision-making frameworks. You'll leverage risk methodologies such as NIST and ISO 27005 to deliver detailed qualitative and quantitative analysis, supporting effective security prioritisation and investment decisions.

Key Responsibilities

- Perform detailed cyber and IT risk analysis using recognised frameworks (e.g. NIST, ISO27005)
- Collaborate pragmatically with technical and business stakeholders to undertake cyber risk assessments and influence control decisions
- Act as a subject matter expert and trusted advisor on cyber and IT risk management
- Communicate risk findings clearly, tailoring insights for both technical and non-technical audiences
- Manage, maintain, and report on the organisation's Risk Log using platforms such as SureCloud and RiskLedger
- Support the remediation of identified risks, aligned to the organisation's cyber risk appetite and strategic objectives
- Contribute to the ongoing delivery and implementation of the broader Cyber Strategy
- Assist Cyber Assurance Leads with risk tracking, documentation, and reporting activities

About You

You'll be a proactive, structured, and collaborative professional who brings strong analytical skills and the ability to work comfortably across complex technology environments.
You'll have the confidence to engage a variety of stakeholders, from technical experts to senior management, and the attention to detail required for effective risk governance.

Essential Experience and Skills

- Demonstrable experience applying at least two recognised cyber and/or IT risk methodologies (e.g., NIST, ISO27005, FAIR, OCTAVE)
- Experience managing cyber risk in complex, geographically distributed organisations
- Strong documentation skills with the ability to manage and track detailed risk registers
- Excellent communication skills with the ability to present complex technical issues in a clear and approachable way
- Calm and methodical approach, able to prioritise effectively under pressure

Desirable Experience

- Experience working in safety-critical, aviation, or critical infrastructure environments
- Experience with risk management platforms such as SureCloud and RiskLedger
- Working towards or holding relevant certifications such as CompTIA Security+, CEH, SSCP, or equivalent

Why Apply?

This is an exciting chance to build your career in cyber risk within one of the UK's most prestigious and highly respected organisations. With the opportunity to work across a wide range of strategic projects, and strong support for career development, this role offers excellent professional growth and long-term impact.