£550 Per day
Inside
Hybrid
Hybrid: London or Ipswich (3 days onsite), UK
Summary: The Security Risk Analyst role focuses on identifying and analyzing vulnerabilities in enterprise applications, providing insights, and reporting findings to the CISO. This position emphasizes risk assessment rather than remediation, aiming to enhance the organization's risk awareness and governance. The analyst will conduct security assessments, lead vulnerability reviews, and ensure compliance with recognized frameworks. Strong collaboration with senior leadership is essential to influence security posture and decision-making.
Key Responsibilities:
- Carry out security assessments across a portfolio of business applications, highlighting weaknesses and compliance risks.
- Lead vulnerability reviews and application-level testing to measure resilience.
- Deliver risk reports and analysis, clearly outlining likelihood, impact, and business implications.
- Gather and validate information from different teams while keeping an independent, objective viewpoint.
- Ensure risk assessments align with recognised frameworks such as NIST, ISO 27001, and CIS Controls.
- Contribute to audit preparation and provide evidence for external and internal reviews.
- Apply your background in penetration testing, vulnerability management, or incident response to enrich risk findings.
- Partner closely with CISOs and senior leaders to influence security posture and decision-making.
Key Skills:
- Strong experience as a Risk Analyst, Application Security Specialist, or Vulnerability Manager.
- Solid technical foundation with hands-on experience in penetration testing or vulnerability management.
- Proficiency in vulnerability scanning tools (Qualys, Tenable, Nexpose, Burp Suite).
- Ability to translate technical risks into clear, business-oriented language.
- Direct experience working with CISOs or executive-level stakeholders.
- OSCP or CISSP certification required.
Salary (Rate): £550 per day
City: London
Country: UK
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Security Risk Analyst - GRC & Application Security
Hybrid: London or Ipswich (3 days onsite)
6-Month Contract | £550 per day (Inside IR35)
The Role
Our client is looking for an experienced Security Risk Analyst who combines technical expertise with strong risk assessment capabilities. The focus of this role is on identifying and analysing vulnerabilities across enterprise applications, producing detailed insights, and presenting findings directly to the CISO.
This is not a remediation role - instead, you will play a key part in strengthening the organisation's risk awareness and governance by diagnosing security issues and reporting on their potential business impact.
What You'll Do
- Carry out security assessments across a portfolio of business applications, highlighting weaknesses and compliance risks.
- Lead vulnerability reviews and application-level testing to measure resilience.
- Deliver risk reports and analysis, clearly outlining likelihood, impact, and business implications.
- Gather and validate information from different teams while keeping an independent, objective viewpoint.
- Ensure risk assessments align with recognised frameworks such as NIST, ISO 27001, and CIS Controls.
- Contribute to audit preparation and provide evidence for external and internal reviews.
- Apply your background in penetration testing, vulnerability management, or incident response to enrich risk findings.
- Partner closely with CISOs and senior leaders to influence security posture and decision-making.
Your Background
- Strong experience as a Risk Analyst, Application Security Specialist, or Vulnerability Manager.
- Solid technical foundation with hands-on experience in penetration testing or vulnerability management.
- Proficiency in vulnerability scanning tools (Qualys, Tenable, Nexpose, Burp Suite).
- Ability to translate technical risks into clear, business-oriented language.
- Direct experience working with CISOs or executive-level stakeholders.
- OSCP or CISSP certification required.
Nice to Have
- Other security certifications (CISM, CRISC, CEH, OSCP) are highly valued.
- Previous work in regulated environments such as financial services, government, or healthcare.
- Familiarity with scoring models like CVSS or FAIR.