Cyber and IT Risk

Cyber and IT Risk Analyst

Location:

Hybrid (c. 3–4 times per month in the Staines area)

Type:

Full-time, Permanent

Salary:

£62,000 – £79,000 per annum + Benefits

Foundations Executive Search is proud to be partnering with one of the UK’s most prestigious and recognised brands to support the appointment of a

Cyber and IT Risk Analyst

.

This is a fantastic opportunity for an analytical, detail-driven cyber risk professional to join a nationally critical organisation undergoing significant digital transformation. You'll be supporting enterprise-wide cyber risk decision-making at scale—helping to shape and mature security practices across a complex operational environment.

The Opportunity

As a Cyber and IT Risk Analyst, you will play a vital role in supporting the enterprise security team to assess, manage, and remediate cyber and IT risks. Working closely with a wide range of stakeholders, you’ll ensure that cyber risk is measured, tracked, and embedded within broader technology and business decision-making frameworks.

You’ll leverage risk methodologies such as

NIST

and

ISO 27005

to deliver detailed qualitative and quantitative analysis, supporting effective security prioritisation and investment decisions.

Key Responsibilities

Perform detailed cyber and IT risk analysis using recognised frameworks (e.g. NIST, ISO27005)

Collaborate pragmatically with technical and business stakeholders to undertake cyber risk assessments and influence control decisions

Act as a subject matter expert and trusted advisor on cyber and IT risk management

Communicate risk findings clearly, tailoring insights for both technical and non-technical audiences

Manage, maintain, and report on the organisation’s Risk Log using platforms such as

SureCloud

and

RiskLedger

Support the remediation of identified risks, aligned to the organisation’s cyber risk appetite and strategic objectives

Contribute to the ongoing delivery and implementation of the broader Cyber Strategy

Assist Cyber Assurance Leads with risk tracking, documentation, and reporting activities

About You

You’ll be a proactive, structured, and collaborative professional who brings strong analytical skills and the ability to work comfortably across complex technology environments. You’ll have the confidence to engage a variety of stakeholders, from technical experts to senior management, and the attention to detail required for effective risk governance.

Essential Experience and Skills

Demonstrable experience applying at least two recognised cyber and/or IT risk methodologies (e.g., NIST, ISO27005, FAIR, OCTAVE)

Experience managing cyber risk in complex, geographically distributed organisations

Strong documentation skills with the ability to manage and track detailed risk registers

Excellent communication skills with the ability to present complex technical issues in a clear and approachable way

Calm and methodical approach, able to prioritise effectively under pressure

Desirable Experience

Experience working in safety-critical, aviation, or critical infrastructure environments

Experience with risk management platforms such as

SureCloud

and

RiskLedger

Working towards or holding relevant certifications such as

CompTIA Security+

,

CEH

,

SSCP

, or equivalent

Why Apply?

This is an exciting chance to build your career in cyber risk within one of the UK's most prestigious and highly respected organisations. With the opportunity to work across a wide range of strategic projects, and strong support for career development, this role offers excellent professional growth and long-term impact