Cyber and IT Risk Analyst
Location: Hybrid (c. 3–4 times per month in the Staines area)
Type: Full-time, Permanent
Salary: £62,000 – £79,000 per annum + Benefits
Foundations Executive Search is proud to be partnering with one of the UK’s most prestigious and recognised brands to support the appointment of a Cyber and IT Risk Analyst.
This is a fantastic opportunity for an analytical, detail-driven cyber risk professional to join a nationally critical organisation undergoing significant digital transformation. You'll be supporting enterprise-wide cyber risk decision-making at scale—helping to shape and mature security practices across a complex operational environment.
The Opportunity
As a Cyber and IT Risk Analyst, you will play a vital role in supporting the enterprise security team to assess, manage, and remediate cyber and IT risks. Working closely with a wide range of stakeholders, you’ll ensure that cyber risk is measured, tracked, and embedded within broader technology and business decision-making frameworks.
You’ll leverage risk methodologies such as NIST and ISO 27005 to deliver detailed qualitative and quantitative analysis, supporting effective security prioritisation and investment decisions.
Key Responsibilities
Perform detailed cyber and IT risk analysis using recognised frameworks (e.g. NIST, ISO27005)
Collaborate pragmatically with technical and business stakeholders to undertake cyber risk assessments and influence control decisions
Act as a subject matter expert and trusted advisor on cyber and IT risk management
Communicate risk findings clearly, tailoring insights for both technical and non-technical audiences
Manage, maintain, and report on the organisation’s Risk Log using platforms such as SureCloud and RiskLedger
Support the remediation of identified risks, aligned to the organisation’s cyber risk appetite and strategic objectives
Contribute to the ongoing delivery and implementation of the broader Cyber Strategy
Assist Cyber Assurance Leads with risk tracking, documentation, and reporting activities
About You
You’ll be a proactive, structured, and collaborative professional who brings strong analytical skills and the ability to work comfortably across complex technology environments. You’ll have the confidence to engage a variety of stakeholders, from technical experts to senior management, and the attention to detail required for effective risk governance.
Essential Experience and Skills
Demonstrable experience applying at least two recognised cyber and/or IT risk methodologies (e.g., NIST, ISO27005, FAIR, OCTAVE)
Experience managing cyber risk in complex, geographically distributed organisations
Strong documentation skills with the ability to manage and track detailed risk registers
Excellent communication skills with the ability to present complex technical issues in a clear and approachable way
Calm and methodical approach, able to prioritise effectively under pressure
Desirable Experience
Experience working in safety-critical, aviation, or critical infrastructure environments
Experience with risk management platforms such as SureCloud and RiskLedger
Working towards or holding relevant certifications such as CompTIA Security+, CEH, SSCP, or equivalent
Why Apply?
This is an exciting chance to build your career in cyber risk within one of the UK's most prestigious and highly respected organisations. With the opportunity to work across a wide range of strategic projects, and strong support for career development, this role offers excellent professional growth and long-term impact.