Role Overview
We’re looking for an experienced Senior Cyber Risk Analyst to join a purpose-driven organisation on a part-time basis. In this role, you’ll take the lead in strengthening the organisation’s security posture by driving forward incident response, vulnerability management, andpliance initiatives. You’ll be a key player in embedding security best practices across the business and ensuring alignment with industry standards.
Responsibilities
1. Work 7-hour days, 3 days a week
2. Act as a trusted advisor on information security matters, supporting projects, solution development, and change initiatives with expert guidance.
3. Perform regular risk evaluations to uncover and address potential security gaps.
4. Lead the end-to-end management of security incidents, ensuring swift and effective resolution.
5. Design and deliver engaging training sessions to raise awareness and promote a security-first mindset across the organisation.
6. Monitor the evolving threat landscape and develop proactive strategies to mitigate risks.
7. Coordinate internal and external audits, ensuring readiness andpliance with relevant standards.
8. Oversee the performance and strategic direction of the Security Operations Centre (SOC).
9. Contribute to the development of a long-term security roadmap that supports the organisation’s strategic goals.
10. Ensure ongoingpliance with frameworks and certifications such as Cyber Essentials Plus, ISO 27001, and PCI DSS.
What you'll need to succeed
11. Willingness to work 7-hour days, 3 days a week
12. Demonstrated expertise in conducting technical security risk assessments and developing threat models.
13. Skilled at translating technical vulnerabilities into business-relevant language for diverse audiences.
14. Hands-on experience operating in or collaborating with a Security Operations Centre (SOC).
15. Well-versed in applying recognised risk management methodologies such as ISO 27005 and NIST Risk Management Framework.
16. Strong written and verbalmunication abilities, with a focus on clear reporting and stakeholder engagement.
17. Possession of industry-recognised certifications such as CISSP, CISM, CRISC, or CEH would be preferred.
18. Familiarity withernance, Risk, andpliance (GRC) platforms and maintaining structured risk registers.
19. Understanding of applicable regulations and data protection legislation, including GDPR and other industry-specific mandates.
What you'll get in return
20. Guaranteed 3-Month contract
21. £ p/h PAYE or £ p/h UMB
22. Fully remote working - if travel is needed it will be expensed
23. Part-time work whereby you work 3 days a week