IT Risk Analyst – Cyber Security (Penetration Testing Background)
Rate: Market rate (competitive, Inside IR35)
Location: Ipswich – on-site 3 days per week (mandatory, no flexibility)
Role Overview
My client, within Financial Services, are looking for an experienced IT Risk Analyst with a strong cyber security background, specifically someone who has hands-on penetration testing experience earlier in their career. While the role is risk-focused, the ideal candidate will bring the technical credibility gained from penetration testing into a broader IT and cyber risk function.
This role requires a confident communicator who can engage effectively with technical teams, senior stakeholders, and business leaders, translating technical security risks into clear, actionable risk insights.
Key Responsibilities
* Perform IT and cyber risk assessments across applications, infrastructure, and security controls.
* Leverage previous penetration testing experience to assess vulnerabilities, threat exposure, and control effectiveness.
* Analyse penetration test findings, security assessments, and vulnerability reports to identify risk themes and remediation priorities.
* Work closely with Security, Technology, and Risk teams to support risk identification, mitigation, and reporting.
* Engage with stakeholders at all levels to clearly articulate cyber risks, impacts, and recommended actions.
* Support governance activities including risk registers, control assessments, and remediation tracking.
* Contribute to continuous improvement of cyber risk frameworks, processes, and reporting.
* Provide input into security assurance activities, audits, and regulatory-driven initiatives where required.
Required Experience & Skills
* Previous hands-on experience as a Penetration Tester at some stage in your career.
* Strong background in Cyber Security, with exposure to risk, assurance, governance, or security operations.
* Solid understanding of common attack vectors, vulnerabilities, and security controls.
* Experience translating technical security findings into business-focused risk statements.
* Confidence engaging with senior stakeholders, technical teams, and non-technical audiences.
* Experience working within large enterprise or regulated environments.
* Experience in IT Risk, Cyber Risk, GRC, or Security Assurance roles.
* Familiarity with security and risk frameworks (e.g. ISO 27001, NIST, OWASP).
* Exposure to financial services or insurance environments.