Overview:

Our client is currently seeking an experienced Security Risk Analyst to join their team on a contract basis through the end of the year. This role sits inside IR35 and will require three days per week onsite at their Central London office. You'll play a key role in assessing and managing information security risks across the business and IT landscape.

Key Responsibilities:

• Conduct risk assessments across both IT and business units, ensuring compliance with internal security policies and relevant regulatory frameworks (eg, ISO 27001, NIST, FCA).

• Collaborate with key stakeholders to gather and analyze technical security data for accurate risk evaluation and remediation.

• Work closely with Vulnerability Assessment & Penetration Testing (VAPT), Threat Intelligence, and Incident Response teams to understand technical risks and validate that appropriate controls are in place.

• Contribute to the ongoing improvement of Governance, Risk, and Compliance (GRC) practices by incorporating findings from technical assessments and adapting to emerging threat landscapes.

• Prepare clear and concise documentation and reporting for senior leadership, audit committees, and regulatory authorities.

• Support internal and external audit activities by providing required risk assessments, compliance documentation, and evidence.

Key Skills & Experience:

• Proven experience in cybersecurity risk analysis or information security governance.

• Strong knowledge of information security frameworks and regulatory standards, particularly ISO 27001, NIST, and FCA requirements.

• Experience working collaboratively with technical security teams (eg, VAPT, Threat Intel, IR).

• Understanding of risk management principles and GRC practices.

• Excellent communication skills, with the ability to convey technical risk to both technical and non-technical audiences.

• Experience supporting audit and compliance efforts.