Cyber Security Risk Analyst - Inside IR35 - Edinburgh (Hybrid) - Public Sector Day Rate - up to 350 Duration - 12 months Harvey Nash's Public Sector Client are looking to bring in a contract Cyber Security Risk Analyst to their cyber security team and work closely across with the digital department and with business process owners. You will be expected to get up to speed with core business priorities and digital services and contribute to the development and population of new cost-effective, objective, and where possible, automated risk management processes. The goal is to support data-driven security decisions through maintaining accurate and up-to-date risk information. This includes supporting the development of risk management tools and integration with relevant data sources. You will collaborate closely with product owners, architects, developers, and engineers, as well as security consultants, operations teams, and senior security leadership. Key Responsibilities Maintain awareness of the current cyber threat landscape, industry standards, and best practices. Support the scoping and assessment of risks related to projects, changes, and digital services. Conduct and support risk assessments and threat modelling to identify and evaluate security risks. Contribute to the development and improvement of risk management processes and ensure risk data is accurately captured and maintained. Interpret outputs from assurance activities (e.g., vulnerability scans, audits, or penetration tests) and incorporate findings into the risk management process. Provide clear, prioritised recommendations for risk treatment and mitigation. Support the design and enhancement of risk data models and tools to enable consistent, efficient risk tracking. Technical Scope Office suite (Excel, Word, etc) Cloud platforms (Azure) M365 (e.g. Microsoft form) Power Platform (desirable but not required) Skills Required Security and Risk Assessment or Audit with Digital / Risk experience In depth understanding of and experience with enterprise scale digital service provision Ability to work well in an agile environment with internal colleagues and suppliers Ability to self-start and see through improvements and benefits realisation Desirable Skills Familiarity with information / security related risk management frameworks and tools Experience supporting or maintaining technical risk registers or GRC systems. Awareness of cloud and enterprise service environments. Understanding of assurance activities such as audits, vulnerability assessments, and penetration tests. Desirable Qualifications Formal information or IT risk accreditation beneficial Please note that you must be eligible for BPSS clearance to commence this contract.