The Role
You will work across technology, security and business teams to identify, assess and manage cyber security risks while helping establish consistent governance processes and controls.
Responsibilities
- Conducting cyber security and technology risk assessments
- Maintaining and developing security risk registers
- Managing asset registers and supporting asset governance activities
- Facilitating security governance forums and risk review meetings
- Supporting the creation and enhancement of security policies, standards and procedures
- Working with stakeholders to assess risks and agree remediation priorities
- Monitoring and tracking risk treatment plans
- Supporting ISO27001-aligned governance, risk and compliance activities
- Contributing to wider security maturity and control improvement initiatives
What We're Looking For
- Experience working within GRC, cyber security risk or information security functions
- Strong understanding of cyber security risk management principles
- Experience maintaining risk registers and conducting risk assessments
- Knowledge of ISO27001 and ideally ISO27005
- Experience supporting governance forums, compliance activities and policy development
- Ability to engage confidently with technical and non-technical stakeholders
- Strong documentation and communication skills
- Pragmatic, delivery-focused approach
Desirable Experience
- Experience within large, operationally complex environments
- Exposure to NIST, Cyber Essentials Plus or similar security frameworks
- Knowledge of enterprise security controls and security operations functions
- Experience supporting wider cyber transformation or security maturity programmes
Contract Details
Outside IR35
Initial 6-month contract
£400 - £450 per day
Hybrid working
North West England
One-stage interview process
Immediate start available
This role would suit a Cyber Security Risk Analyst, Information Security Analyst, GRC Analyst, Security Governance Analyst or Cyber Compliance Specialist looking to play a key role in a large-scale security improvement programme.