Cyber Security Risk Assessor

Cyber Security Risk Assessor

Posted 1 week ago by Concept Resourcing on CVLibrary

£650 Per day
Outside
Onsite
London



Cyber Security Risk Assessor

Position: Cyber Security Risk Assessor
Contract Length: 12 months
Rate: 600 - 650 per day OUTSIDE IR35
Location: London, Bristol or Manchester - 1-2 days per week on site







Key Responsibilities:

  • Risk Assessment:

    • Conduct deep-dive risk assessments for a portfolio of complex digital services (e.g., (url removed), Notify & Emergency Alerts, Pay & Forms, Platforms & Services, Identity Services).
    • Update existing assessments to reflect current risks and ensure alignment with newly identified risks.
  • Risk Treatment Planning:

    • Design and implement actionable, cost-effective risk treatment plans (RTP) tailored to specific services.
    • Ensure RTPs are aligned with government cyber assurance frameworks and standards, including NCSC's Cloud Security Principles, ISO/IEC 27001:2022, and NIST SP 800-35 Rev 5.
    • Present findings and recommendations to both technical and non-technical stakeholders.
  • Training and Mentorship:

    • Provide formal training to the Digital Service Platform (DSP) teams and Information Security Team on best practices in risk assessment and cyber risk management.
    • Mentor team members to enable self-sufficiency in maintaining and updating risk assessments.
  • Stakeholder Engagement:

    • Regularly communicate progress and findings with senior stakeholders, including the Head of Cyber Risk & Assurance, Chief Information Security Officer (CISO), and service teams.
  • Documentation and Handover:

    • Complete a thorough handover at contract conclusion, transferring all intellectual property, including documents, spreadsheets, and related artefacts.


Key Competencies:

  • Strong analytical skills and a strategic approach to cyber security risk.
  • Effective communicator, capable of translating technical details into actionable insights for both technical and non-technical stakeholders.
  • Self-motivated with the ability to work autonomously while adhering to governmental policies and standards.
  • Ability to adapt and apply knowledge in a rapidly evolving cyber threat landscape.