Security Risk Analyst
| Posting date: | 01 October 2024 |
|---|---|
| Salary: | £35,711 to £36,545 per year |
| Hours: | Full time |
| Closing date: | 13 October 2024 |
| Location: | B1 2AX |
| Company: | Government Recruitment Service |
| Job type: | Permanent |
| Job reference: | 370708/1 |
Summary
If yes, we want you to join us at DWP Digital.
This is a key role to compliment the wider work being delivered within the Digital Security Risk Management (DSRM) team, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information.
As a Security Risk Analyst, you will work within the Digital Group to help deliver 1st line risk identification, assessment, remediation and treatment of risks. You will identify controls and make recommendations to address security vulnerabilities and control weaknesses in project and ad hoc engagements.
Please note this role requires you to pass Security Check clearance. For further information, please see 'Selection process details'.
The Security Risk Analyst will support, help shape, and deliver innovative ways of working to support how cyber security risk assessments are conducted within DWP.
The role will improve engagement with the risk function, collaborating with delivery teams and providing advice on how best to engage.
As a Security Risk Analyst, you will work towards developing a good understanding of the security tools and techniques used by DWP and to be able to contribute to core security deliverables.
You will be given appropriate responsibility and under the guidance of Cyber Security Risk Managers help build and maintain core services across digital security (including involvement and facilitation of Cyber Security Testing and Security Operations Centre Use Case process).
Summary of responsibilities include:
- Support risk management processes, issues, and dependencies (external and internal) for DSRM deliverables.
- Establish collaborative working across organisational boundaries, ensuring quality work is delivered at pace. Support the team lead in managing complex control and risk issues to help the wider team navigate a complex environment.
- Be involved with change and governance on behalf of the wider team in association with influencing security standards and governance boards, considering findings from across the wider cyber security teams.
- Communicate across a wide range of internal and external stakeholders, tailoring messages to ensure that it is right for the audience.
NB - it would be useful to have, or be prepared to work towards, a BCS Certificate in Information Security Management Principles (CISMP), or equivalent qualification, knowledge, or experience of physical, technical and environmental security controls, information security management, information risk, people controls, software development/ lifecycle, disaster recovery, investigation forensics and cryptography.