Job Description
The Cyber Security Analyst, Risk is a member of the Cyber Security Governance, Risk and Compliance team. The role supports day‑to‑day oversight and management of cyber risk across the organisation, ensuring risks are identified, assessed, documented and managed in accordance with Heathrow’s policies, enterprise risk framework and recognised industry best practice.
The position requires strong analytical capability, stakeholder engagement skills and an understanding of governance and assurance frameworks within a regulated or complex operational environment.
Responsibilities
* Assist in the management and continuous improvement of relevant cyber risk management policies, ensuring alignment to recognised best practice.
* Help mature and drive effective cyber risk management practices across the business, ensuring risks are identified, assessed and managed appropriately.
* Support the implementation of modern risk‑management tooling, including business engagement to maximise tool value.
* Participate in internal and external audits, including relevant follow‑up activity.
* Support the delivery of Heathrow’s third‑party risk management programme.
* Compile and analyse data for management reporting and metrics.
* Maintain a comprehensive and current understanding of cyber‑security and information‑security threats.
* Track and follow up with risk owners to ensure risks are remediated according to agreed timescales.
Qualifications
* Proven experience operating in cyber risk roles; experience in mixed IT/OT environments is advantageous.
* Relevant risk, assurance and/or cyber leadership certifications, such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Auditor / Lead Implementor, are advantageous.
* Knowledge and understanding of key information‑security controls/processes.
* Experience applying cyber risk‑management frameworks (e.g. ISO 27005, NIST Risk Management Framework) in complex operational environments.
* Understanding of cyber‑security standards and frameworks, in particular ISO 27001, NIST Cybersecurity Framework v2.0, and the NCSC Cyber Assessment Framework.
* Understanding of the UK regulatory landscape for cyber security and resilience, including the Network and Information Systems Regulations 2018.
* Knowledge and experience of relevant aviation security frameworks (e.g. CAP1753) is advantageous.
Benefits
We offer competitive salaries and excellent benefits, including performance‑based annual bonuses, a Share in Success Bonus plan, generous annual leave, market‑leading pensions, private health insurance and a wide range of wellbeing tools. Learning and development opportunities are also available.
Working Location
Hybrid working allows you to work from home up to two days a week, with on‑site arrangements confirmed during recruitment. You must be based in the UK and within a commutable distance to Heathrow.
Sustainable Travel to Work
Heathrow’s Sustainable Travel Guide offers easy and sustainable travel options for employees.
Equal Opportunities
As an equal‑opportunities employer, we welcome applications from all. We believe diverse talent makes us stronger and we support inclusivity across our workforce.
About the Team
The Cyber Security Governance, Risk and Compliance team works to ensure the safety and resilience of Heathrow’s operations, covering project management, process improvement and cyber defence. Team members collaborate across technology, data and stakeholder groups to maintain the highest security standards.