Summary: The Cyber Risk Analyst role supports the Governance, Risk & Compliance (GRC) function within a large, regulated organisation focused on cyber resilience and risk management. The position requires hands-on delivery of cyber and information security risk assessments, working closely with IT teams and third-party suppliers. The analyst is responsible for identifying, assessing and managing risks across complex IT and OT environments. The role reports to the Information Security Manager and contributes to compliance with regulatory requirements.
Salary (Rate): undetermined
City: Portsmouth
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Cyber Risk Analyst - Contract - Hybrid
We are working with a large, regulated organisation delivering critical national infrastructure services. Operating across complex IT and OT environments, the organisation places strong emphasis on cyber resilience, regulatory compliance, and effective risk management. They are seeking a Cyber Risk Analyst to support their Governance, Risk & Compliance (GRC) function. This is a hands-on delivery role focused on identifying, assessing, and managing cyber, information security, and OT risks across the organisation. The role reports into the Information Security Manager and works closely with IT teams, risk owners, and third-party suppliers to ensure cyber risks are clearly understood, proportionately treated, and accurately reported.
What you’ll be doing
- Deliver qualitative and quantitative cyber, IT and OT risk assessments using recognised risk management practices
- Identify, assess, document and monitor cyber and information security risks across enterprise and operational environments
- Maintain accurate, up-to-date risk records, including risk treatment plans and control profiles
- Support the wider GRC function by gathering risk-related data and contributing to mitigation planning and reporting
- Support supply chain and third-party cyber risk assessments in collaboration with security assurance teams
- Contribute to the development of cyber risk quantification capability, translating technical risk into financial and business impact
- Support compliance with internal controls and external regulatory and legislative requirements
What you’ll bring
- 3–5 years’ experience in cyber or information security risk
- Experience with frameworks such as ISO 27005, OCTAVE, FAIR/FAST
- Exposure to standards like ISO 27001, NIS-D CAF, NIST CSF, IEC 62443
- Hands-on experience in conducting risk assessments and management
Interviews will start immediately.