Cyber Security Risk Assessor

Posted 1 week ago by Concept Resourcing on JobServe

£650 Per day
Outside
Onsite
London, UK

Position: Cyber Security Risk Assessor
Contract Length: 12 months
Rate: 600 - 650 per day OUTSIDE IR35
Location: London, Bristol or Manchester - 1-2 days per week on site

Key Responsibilities:

  • Risk Assessment:

    • Conduct deep-dive risk assessments for a portfolio of complex digital services (e.g., GOV.UK, Notify & Emergency Alerts, Pay & Forms, Platforms & Services, Identity Services).
    • Update existing assessments to reflect current risks and ensure alignment with newly identified risks.
  • Risk Treatment Planning:

    • Design and implement actionable, cost-effective risk treatment plans (RTP) tailored to specific services.
    • Ensure RTPs are aligned with government cyber assurance frameworks and standards, including NCSC's Cloud Security Principles, ISO/IEC 27001:2022, and NIST SP 800-35 Rev 5.
    • Present findings and recommendations to both technical and non-technical stakeholders.
  • Training and Mentorship:

    • Provide formal training to the Digital Service Platform (DSP) teams and Information Security Team on best practices in risk assessment and cyber risk management.
    • Mentor team members to enable self-sufficiency in maintaining and updating risk assessments.
  • Stakeholder Engagement:

    • Regularly communicate progress and findings with senior stakeholders, including the Head of Cyber Risk & Assurance, Chief Information Security Officer (CISO), and service teams.
  • Documentation and Handover:

    • Complete a thorough handover at contract conclusion, transferring all intellectual property, including documents, spreadsheets, and related artefacts.

Key Competencies:

  • Strong analytical skills and a strategic approach to cyber security risk.
  • Effective communicator, capable of translating technical details into actionable insights for both technical and non-technical stakeholders.
  • Self-motivated with the ability to work autonomously while adhering to governmental policies and standards.
  • Ability to adapt and apply knowledge in a rapidly evolving cyber threat landscape.