Job Title: Risk Analyst - Application Risk Assessment
Location: London Wall, London (Hybrid - 3 days onsite per week)
Start Date: ASAP
Contract Duration: Until End of Year (Potential Extension) Inside IR35
About the Role
Our client is seeking an experienced Risk Analyst - Application Risk Assessment to join their global Information Security team. In this key role, you will support the evaluation and management of security risks introduced by applications across the enterprise. This includes facilitating security assessments, engaging with business and IT stakeholders, and recommending mitigation strategies, especially for applications processing classified or secret data.
You'll be working closely with global teams, including IS, IT, and Risk Management, and will act as a champion for application security risk across the organization.
Key Responsibilities
* Conduct Application Risk Assessments (ISARA) in line with global security standards and frameworks
* Serve as the liaison between IS, IT, and business stakeholders to identify and assess application-related risks
* Facilitate the risk evaluation process, including formatting, data collection, and impact assessments
* Perform control assessments to determine control effectiveness
* Use defined risk methodologies (e.g. FAIR, ISO 31000) to rate risks and update internal risk registers
* Propose, document, and follow through on remediation plans and action items
* Monitor risk remediation efforts and ensure timely updates in governance tools
* Review major application changes and ensure associated risk documentation is up to date
* Provide weekly and monthly risk reporting, including key metrics and residual risk summaries
* Represent Information Security in cross-functional business discussions, clearly articulating risks, controls, and policy alignment
Required Skills & Experience
* 5+ years of experience in Risk Management and/or Information Security
* Proven experience conducting application-level security risk assessments
* Strong understanding of:
  * Secure software and network architecture
  * Risk management frameworks (e.g. ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR)
  * OWASP Top 10, encryption, data classification, and secure data flows
* Ability to read and interpret HLDs/LLDs to identify risk controls and gaps
* Expertise with Microsoft Office suite (Excel, Word, PowerPoint, SharePoint)
* Excellent verbal and written communication skills, including experience communicating with C-level stakeholders
* Background in multinational environments with cross-functional collaboration
* Strong attention to detail with advanced analytical and reporting capabilities
Preferred Qualifications
* Industry certifications (e.g. CISSP, CISM, CRISC)
* Experience working with Mitre ATT&CK, ISO 27001, or similar InfoSec frameworks
* Exposure to enterprise-grade risk management tools and reporting platforms