Cyber Risk Analyst

Role Title: Cyber Risk Analyst

Location: Knutsford 3 days on site

Duration: 30/10/2026

Rate £404

MUST BE PAYE THROUGH UMBRELLA

Role Description:

"Role Overview: The Cyber Risk Analysts will work under the guidance of the Lead Consultant to execute the detailed risk assessments and analysis of End-of-Life technologies. In this role, you will collect and analyze data on EOL systems, evaluate cyber risks using the defined methodology, and support the implementation of remediation plans.

Key Responsibilities:

Perform Risk Assessments: Conduct in-depth cyber risk assessments for identified EOL systems and technologies, following the methodology and framework established by the project. Gather necessary information on assets (software, hardware, applications that are end-of-life or end-of-support) and assess the potential cyber threats, vulnerabilities, and business impacts associated with each5. Document findings meticulously, ensuring each risk item is well-described (likelihood, impact, severity) in the risk register.

Required Skills & Competencies:

Analytical Skills: Strong analytical and problem-solving skills are essential. The analyst must be able to assess complex IT systems and identify risk factors, interpret vulnerability data, and quantitatively rate risks. Attention to detail is critical for reviewing large lists of EOL assets and ensuring nothing is missed.

Cybersecurity Knowledge: Good understanding of foundational cybersecurity principles (confidentiality, integrity, availability) and how outdated technologies can pose threats. Familiarity with common vulnerabilities and exploits affecting older systems (legacy OS, unsupported software) is beneficial. Knowledge of cyber risk frameworks and standards (such as NIST, ISO27001) and basic concepts of risk assessment is expectedxxiv.

Qualifications & Certifications:

Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent experience in cyber risk or IT security roles can be considered in lieu of a formal degree.

Certifications: Relevant industry certifications are not mandatory but highly valued. Certifications demonstrating knowledge of security and risk principles (e.g., CompTIA Security+, Certified Ethical Hacker (CEH), or GIAC/GSEC) would be a plus. Certifications specifically in risk management or governance (such as CRISC, Certified Information Systems Auditor (CISA), or ISO 27001 Lead Auditor/Implementer) are also advantageous for this role, as they indicate a grasp of risk and control assessment practices.

Experience:

Years of Experience: Approximately 3-5+ years of experience in cybersecurity or IT risk roles. This could include experience as a Cyber Risk Analyst, IT Risk Analyst, Security Analyst, Vulnerability Management Specialist, or GRC (Governance, Risk & Compliance) Analyst. Candidates with slightly more or less experience will be considered based on skill fit, but a baseline understanding from a few years in the field is expected.

Risk Assessment Background: Hands-on experience conducting risk assessments or security assessments is required. For example, experience in identifying and assessing risks for IT systems, writing risk or control reports, or supporting risk treatment projects. Familiarity with creating or maintaining risk registers and tracking mitigation actions is important (e.g., experience ensuring "risks and remediation plans are regularly addressed" in previous rolesxxvii).

Industry-Specific Experience (Desirable): Experience in the financial services sector or other highly-regulated industries is a plus