Enterprise Security Risk Analyst
| Posting date: | 17 March 2026 |
|---|---|
| Salary: | £57,946 to £74,005 per year |
| Additional salary information: | National £57,946 - £68,205 London £63,075 - £74,005 This post currently attracts an additional Recruitment & Retention Allowance of £7,000 per annum. This is reviewed on an annual basis. |
| Hours: | Full time |
| Closing date: | 13 April 2026 |
| Location: | Blackpool |
| Company: | Government Recruitment Service |
| Job type: | Permanent |
| Job reference: | 451559/2 |
Summary
This role has evolved in recent years from traditional, system‑based assessments to true enterprise security risk analysis — understanding the big picture, synthesising information, and articulating how security risks could impact the department’s ability to operate, deliver services, maintain resilience, and protect staff, data, and assets.
The postholder leads a small team, orchestrating complex analytical work across multi-layered risk scenarios, and works extensively with senior stakeholders across Digital, Estates, People Safety, Commercial, Risk & Resilience, and wider security stakeholders. Their work directly shapes DWP’s security posture, prioritisation, and investment decisions.
Lead an Enterprise Security Risk Domain
Hold responsibility for one of four domains (Cyber, Physical, Personnel, Supply Chain).
- Develop, maintain and lead the production of quarterly Enterprise Security Risk Products for senior leaders.
- Oversee multi‑layered risk analysis covering threat scenarios, impacts, controls, and residual risk.
Deliver Complex Security Risk Analysis
- Break down large, ambiguous or abstract security problems into structured analytical components.
- Gather, evaluate and synthesise information from diverse sources, including digital risk data, system-level risk assessments, threat intelligence, estate vulnerabilities, resilience data and people safety insights.
- Apply structured analytical methods to generate robust findings, uncertainty judgements, and evidence‑based conclusions.
Influence Decision Makers
- Produce clear, actionable insights to inform Director General level decision‑making, risk appetite setting, and departmental prioritisation.
- Articulate business impacts: how risks could affect operations, resilience, service delivery, customer experience, staff safety or data protection.
- Support senior leaders (for example DWP's Finance Director General (DG) as risk owner) by outlining options, consequences and recommended mitigations.
Stakeholder Leadership and Engagement
- Build strong relationships with senior stakeholders across Digital, Estates, People Safety, Risk & Resilience, Commercial and wider security teams.
- Coordinate and convene stakeholders to gather evidence, test assumptions and validate analysis.
- Ensure alignment across functions and build consensus around risk understanding, mitigations and priorities.
Team Leadership and Delivery Management
- Lead, mentor and quality‑assure the work of a small team of colleagues.
- Task and oversee scenario‑level analysis (for example physical estate failure scenarios, cyber resilience scenarios).
- Shape team capability, drive continuous improvement and support professionalisation of ESRM’s analytical approach.
Strategic and Tactical Risk Support
- Lead thematic/strategic risk assessments for priority business areas (for example arm’s length bodies).
- Deliver tactical assessments when the business requests security input on emerging issues (for example reviewing new operating models, or outreach activities).
- Provide options and recommendations while enabling the business to understand and own its risk decisions.
Given the geographic spread of our team, DWP customers, cross-government stakeholders and industry suppliers, you'll need to be willing to travel to other DWP locations, with periodic overnight stays required.
Proud member of the Disability Confident employer scheme