Cyber Risk Analyst - OT - ISO27005 - Risk Assessements

Cyber Risk Analyst (Contract)

Location: London/Southeast - Hybrid / Remote working
Duration: 6+ months (12+ months programme of work)
Day Rate: Up to 600 a day DOE (Inside IR35)

Start date: ASAP.

Overview

We are seeking a skilled, proactive, and analytical Cyber Risk Analyst to support the Governance, Risk and Compliance (GRC) function of my client. You will be responsible for identifying, assessing, and helping to mitigate Cyber, Information Security, and OT security risks across the organisation.

You will work closely with IT, compliance, security assurance, and business stakeholders to ensure the organisation's cyber risk posture aligns with regulatory requirements and recognised industry best practices.

Essential skills and Experience

• 3-5 years' experience in an Information Security or Cyber Risk assessment role.
• Ability to clearly articulate Cyber Risk to both technical and non-technical audiences.
• Hands-on experience working with recognised Cyber Risk management frameworks and methodologies such as:
  • ISO 27005
  • Or other structured cyber risk quantification approaches
• Strong understanding of Information Security principles, Governance, and Risk Management practices.
• Proven experience maintaining compliance documentation aligned to industry standards, regulations, and legislative requirements, including but not limited to:
  • NIS Directive - Cyber Assessment Framework (CAF)
  • ISO/IEC 27001 and ISO/IEC 27002
  • NIST Cybersecurity Framework (CSF) 2.0
  • IEC 62443
  • GDPR and the Data Protection Act

Desirable Skills

• Experience working in regulated or Critical National Infrastructure environments.
• Familiarity with OT and Industrial control system (ICS) security risk.
• Strong stakeholder engagement and communication skills.

The rate is dependent on skills and experience, and the contract is inside IR35.

For further information, please apply online and I will contact you to discuss the role in more detail.