Risk Analyst - Application Risk Assessment

Posted 5 days ago by WNTD

Negotiable
Inside
Hybrid
London Wall, London (Hybrid - 3 days onsite per week), UK

Summary: The Risk Analyst - Application Risk Assessment role involves evaluating and managing security risks associated with applications within a global Information Security team. The position requires collaboration with business and IT stakeholders to facilitate security assessments and recommend mitigation strategies, particularly for applications handling classified or secret data. The analyst will also champion application security risk across the organization and provide regular risk reporting. This role is hybrid, requiring three days onsite per week in London.

Key Responsibilities:

  • Conduct Application Risk Assessments (ISARA) in line with global security standards and frameworks
  • Serve as the liaison between IS, IT, and business stakeholders to identify and assess application-related risks
  • Facilitate the risk evaluation process, including formatting, data collection, and impact assessments
  • Perform control assessments to determine control effectiveness
  • Use defined risk methodologies (e.g. FAIR, ISO 31000) to rate risks and update internal risk registers
  • Propose, document, and follow through on remediation plans and action items
  • Monitor risk remediation efforts and ensure timely updates in governance tools
  • Review major application changes and ensure associated risk documentation is up to date
  • Provide weekly and monthly risk reporting, including key metrics and residual risk summaries
  • Represent Information Security in cross-functional business discussions, clearly articulating risks, controls, and policy alignment

Key Skills:

  • 5+ years of experience in Risk Management and/or Information Security
  • Proven experience conducting application-level security risk assessments
  • Strong understanding of:
    • Secure software and network architecture
    • Risk management frameworks (e.g. ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR)
    • OWASP Top 10, encryption, data classification, and secure data flows
  • Ability to read and interpret HLDs/LLDs to identify risk controls and gaps
  • Expertise with Microsoft Office suite (Excel, Word, PowerPoint, SharePoint)
  • Excellent verbal and written communication skills, including experience communicating with C-level stakeholders
  • Background in multinational environments with cross-functional collaboration
  • Strong attention to detail with advanced analytical and reporting capabilities

Salary (Rate): undetermined

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Title: Risk Analyst - Application Risk Assessment
Location: London Wall, London (Hybrid - 3 days onsite per week)
Start Date: ASAP
Contract Duration: Until End of Year (Potential Extension) Inside IR35

About the Role

Our client is seeking an experienced Risk Analyst - Application Risk Assessment to join their global Information Security team. In this key role, you will support the evaluation and management of security risks introduced by applications across the enterprise. This includes facilitating security assessments, engaging with business and IT stakeholders, and recommending mitigation strategies, especially for applications processing classified or secret data.

You'll be working closely with global teams, including IS, IT, and Risk Management, and will act as a champion for application security risk across the organization.

Key Responsibilities

  • Conduct Application Risk Assessments (ISARA) in line with global security standards and frameworks
  • Serve as the liaison between IS, IT, and business stakeholders to identify and assess application-related risks
  • Facilitate the risk evaluation process, including formatting, data collection, and impact assessments
  • Perform control assessments to determine control effectiveness
  • Use defined risk methodologies (e.g. FAIR, ISO 31000) to rate risks and update internal risk registers
  • Propose, document, and follow through on remediation plans and action items
  • Monitor risk remediation efforts and ensure timely updates in governance tools
  • Review major application changes and ensure associated risk documentation is up to date
  • Provide weekly and monthly risk reporting, including key metrics and residual risk summaries
  • Represent Information Security in cross-functional business discussions, clearly articulating risks, controls, and policy alignment

Required Skills & Experience

  • 5+ years of experience in Risk Management and/or Information Security
  • Proven experience conducting application-level security risk assessments
  • Strong understanding of:
    • Secure software and network architecture
    • Risk management frameworks (e.g. ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR)
    • OWASP Top 10, encryption, data classification, and secure data flows
  • Ability to read and interpret HLDs/LLDs to identify risk controls and gaps
  • Expertise with Microsoft Office suite (Excel, Word, PowerPoint, SharePoint)
  • Excellent verbal and written communication skills, including experience communicating with C-level stakeholders
  • Background in multinational environments with cross-functional collaboration
  • Strong attention to detail with advanced analytical and reporting capabilities

Preferred Qualifications

  • Industry certifications (e.g. CISSP, CISM, CRISC)
  • Experience working with MITRE ATT&CK, ISO 27001, or similar InfoSec frameworks
  • Exposure to enterprise-grade risk management tools and reporting platforms