Summary: The Cyber Security Risk Analyst role at the Cabinet Office involves developing and implementing a cyber security risk management framework and associated documentation. The position requires collaboration with cross-functional teams to assess compliance and enhance risk management practices while ensuring alignment with national standards. The role is hybrid, requiring two days a week in London, and necessitates active SC Clearance. The contract duration is seven months, and the position is classified as inside IR35.

Key Responsibilities:

• Draft and publish a risk management framework for the Cabinet Office.
• Lead the development and enhancement of cyber security risk management practices.
• Develop and implement processes for compliance assessment against internal and external requirements.
• Evaluate and assess cyber security controls across business practices and third-party vendors.
• Collaborate with cross-functional teams on risk management activities.
• Identify cyber threats, risks, and issues using risk management techniques.
• Support the creation and maintenance of security policies and metrics.
• Assist the Information Security and Assurance Manager in delivering information security objectives.
• Promote continuous improvement in information security practices.

Key Skills:

• Active SC Clearance.
• Experience in Security Governance Risk & Compliance (GRC).
• Experience authoring policy and process documentation.
• Hands-on experience conducting cyber risk assessments and developing mitigation strategies.
• Knowledge of security frameworks such as NCSC CAF, ISO27001, ISO 27005, ISO 31000, NIST 800-53.
• Strong interpersonal and communication skills.
• Ability to elicit security requirements based on business needs.
• Understanding of risk assessment principles and methodologies.
• Competence in technology areas relevant to cyber security.
• Understanding of assurance approaches and their application.

Salary (Rate): undetermined

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT