Cyber Security Risk Analyst (Application Security)

My client a government department are looking to recruit an experienced Cyber Security Risk Analyst who is a SME on application security risk .

My client is a global organisation and risk requests can come in anywhere from around the globe

Duties and Responsibilities

• Application Risk assessment, analysis, management, and risk reporting across 1000s of applications globally
• Ensure all applications, systems are risk assessed and approved as per existing process.
• Threat and risk vulnerability, modelling
• Creating and managing risk register and risk policies and standards and process,
• Carrying our threat and vulnerability assessment
• Engage with the business to ensure new risks are identified and managed.
• Creating process, schedule for risk assessment for re-assessments.
• Carrying out third party and supplier third party risk audits.
• Ensure risks are identified, assessed managed and reported in a timely manner.
• Proactively identify gaps and make improvements.
• Produce quality reports on security risks, progressions, and non-noncompliance with policies.
• Engage and build relationships with internal and external stakeholders.

Essential experience

• CISSP,CISM or CRISC qualified
• Experience of working with security frameworks, NIST and specifically SPF and NCSC Risk Management Guidance
• Experience of working with NCSC’s Cloud Principles, Cloud Assurance Framework and other NCSC and HMG standards and guidance.
• Experience of risk a threat models and risk assessment methodologies and frameworks such as NCSC’s Cyber security risk management framework, ISO31000, ISO25005.
• 5 + years of working in security in large global , diverse, and complex organisation in risk management roles.
• Demonstrable hands on experience of risk management, assessment, and thread modelling
• Threat and vulnerability assessment experience
• Experience of risk a threat models and risk assessment methodologies and frameworks such as NCSC’s Cyber security risk management framework, ISO31000, ISO25005.
• Extensive knowledge of threat and vulnerability, attack types and response.
• Extensive experience of carrying out risk assessment, IT, Cloud risks etc and managing third party risks.
• Ensure all IT application, services and systems risk assessed.
• Experience producing high quality documentation, policies, process, and reporting.
• Experience of structured and analytical approach to problem solving and problem resolution.