Cyber Security Analyst | £50,000 - £55,000 base
We’re working with a financial services organisation that’s hiring a Cyber Security Analyst to join its second line of defence. This isn’t your typical analyst role - it’s focused on assurance and oversight, helping to ensure the organisation’s security controls are effective, risks are clearly understood, and improvements are made where it matters most.
You’ll work alongside the Information Security Officer and wider risk team to assess and challenge the effectiveness of current controls, contribute to risk assessments, and support internal audit and governance processes.
Responsibilities:
* Provide second-line assurance and oversight of information security controls
* Identify and assess gaps in existing controls, offering pragmatic, risk-based solutions
* Translate technical risks into business-friendly language for executive and board-level reporting
* Support audits and compliance assessments, including gathering and reviewing evidence
* Collaborate with teams across the business to ensure effective risk management
* Influence stakeholders to drive security improvements without a blame culture
* Contribute to the development and maturity of the organisation’s security risk framework
* Stay up to date with evolving threats, vulnerabilities, and control standards
Requirements:
* Strong understanding of the three lines of defence model
* Proven experience in information security risk, assurance, and oversight
* Ability to influence stakeholders and communicate effectively at all levels, including non-technical audiences
* Knowledge of security frameworks such as ISO 27001, NIST, or similar
* Experience identifying control gaps and working across functions to address them
* Comfortable working in a collaborative, solutions-focused environment
* Sector background is flexible – consulting, commercial, or industry experience welcome
* Relevant certifications (CISM, CISSP, CRISC, ISO 27001 Lead Auditor) are a plus, but not required
This role is a great fit for someone who understands information security frameworks, knows how to translate technical risks for non-technical audiences, and enjoys working across both strategic and operational layers of cyber risk.