Security Risk Analyst

Description de la mission

Security Risk Analyst
Skills and Experience
• 5 + years of working in security in large, diverse, and complex organisation in risk management roles.
• Demonstrable hands on experience of risk management, assessment, and thread modelling
• Threat and vulnerability assessment experience
• Experience of risk a threat models and risk assessment methodologies and frameworks such as NCSC’s Cyber security risk management framework, ISO31000, ISO25005.
• Experience of working with NCSC’s Could Principles, Cloud Assurance Framework and other NCSC and HMG standards and guidance.
• Extensive knowledge of threat and vulnerability, attack types and response.
• Extensive experience of carrying out risk assessment, IT, Cloud risks etc and manging third party risks.
• Ensure all IT application, services and systems risk assessed.
• Be the point of contact of all risk assessment.
• Ability to prioritise, work under pressure and stressful situation alone and with other technical and non-technical teams.
• Ability to manage prioritise and manage workloads.
• Experience producing high quality documentation, policies, process, and reporting.
• Experience of structured and analytical approach to problem solving and problem resolution.
• Experience of working with security frameworks, e.g.,
• NIST and specifically SPF and NCSC Risk Management Guidance.
• Good understanding of risks and risk frameworks, assessment, and management
Ability to work collaborate in large and diverse organisation across the globe.
Duties and Responsibilities
• Risk assessment, analysis, management, and risk reporting
• Creating and managing risk register and risk policies and standards and process,
• Carrying our threat and vulnerability assessment
• Threat and risk vulnerability, modelling
• Working with other specialists and teams to ensure all risks are identified, assessed.
• Engage with the business to ensure new risks are identified and managed.
• Creating process, schedule for risk assessment for re-assessments.
• Carrying out third party and supplier third party risk audits.
• Ensure all applications, systems are risk assessed and approved as per existing process.
• Improve risk assessment and compliance process and communicate these to the stakeholders.
• Work actively to reduce risks and impact of risks to the organisation.
• Ensure risks are identified, assessed managed and reported in a timely manner.
• Proactively identify gaps and make improvements.
• Produce quality reports on security risks, progressions, and non-noncompliance with policies.
• Engage and build relationships with internal and external stakeholders.
• Minimise the security incident lifecycle from identification to resolution.
• Flexible hands on approach to help where required.
Qualifications
CRISC, CISSP, CISM
Skills:
risk management
Risk assessment
Risk analysis
risk reporting
risk register
risk policies
thread modelling
Cyber Security
ISO31000
ISO25005
Security
vulnerability assessment
threat assessment
CRISC
CISSP
Job Title: Security Risk Analyst
Location: London, UK
Job Type: Contract
Trading as TEKsystems. Allegis Group Limited, Maxis 2, Western Road, Bracknell, RG12 1RT, United Kingdom. No. 2876353. Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as « Allegis Group »). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at https://www.allegisgroup.com/en-gb/privacy-notices.
To access our Online Privacy Notice, which explains what information we may collect, use, share, and store about you, and describes your rights and choices about this, please go to https://www.allegisgroup.com/en-gb/privacy-notices.
We are part of a global network of companies and as a result, the personal data you provide will be shared within Allegis Group and transferred and processed outside the UK, Switzerland and European Economic Area subject to the protections described in the Allegis Group Online Privacy Notice. We store personal data in the UK, EEA, Switzerland and the USA. If you would like to exercise your privacy rights, please visit the « Contacting Us » section of our Online Privacy Notice at https://www.allegisgroup.com/en-gb/privacy-notices for details on how to contact us. To protect your privacy and security, we may take steps to verify your identity, such as a password and user ID if there is an account associated with your request, or identifying information such as your address or date of birth, before proceeding with your request. If you are resident in the UK, EEA or Switzerland, we will process any access request you make in accordance with our commitments under the UK Data Protection Act, EU-U.S. Privacy Shield or the Swiss-U.S. Privacy Shield.