Senior Cyber & Technology Risk Analyst

London
10 hours ago
Create job alert

Senior Cyber & Technology Risk Analyst

Location: London
Contract Type: 12‑Month Contract
Salary: £600-£700 per day Via Umbrella

About VPI

VPI is a leading power company operating across the UK, Ireland, and Germany. We address the major systemic challenges in the energy transition by combining deep expertise in trading, operations, and engineering.

Our diverse portfolio spans reliable thermal power, battery storage assets, and carbon capture developments - delivering flexible, resilient, and decarbonised power to millions of homes and businesses.

The Role

Are you an experienced cyber or technology risk professional looking to contribute to a critical function within an evolving energy organisation?

VPI is seeking a Senior Cyber & Technology Risk Analyst to join our central cyber security team, supporting a broad stakeholder base across the UK and Europe. Based in London, with occasional travel to other VPI sites, you will play a leading role in enhancing VPI's security governance, risk management, and compliance capabilities.

This is a highly impactful role, contributing to the development, alignment, and delivery of cyber and technology risk processes across both IT and OT environments, with significant focus on human risk management, supply chain security, and security policy development.

Key Responsibilities

Lead and deliver risk assessment outputs across VPI's full Technology Risk Management Framework.
Translate individual assessments into group-level and strategic risk tracking.
Implement and enhance risk toolkit methodologies within the supply chain risk management framework (including onboarding and aftercare activities).
Lead improvement projects to align supply chain risk maturity with NIST Cyber Supply Chain Risk Management (C‑SCRM) principles.
Deliver improvements in personnel security controls aligned with National Protective Security Authority (NPSA) guidance.
Produce risk outputs linking operational security tools with user‑level behaviour, including DLP, social engineering, and high‑risk activity.
Interpret threat intelligence to support policy updates, awareness content, and risk governance.
Contribute to the education, awareness, and training programme, including presenting briefing sessions.
Support operational metrics analysis to enhance phishing and behavioural protection programmes.
Provide cyber and technology risk consultancy across business development projects and new initiatives.
Collaborate with partners and suppliers to ensure alignment with VPI security policies and supply chain risk frameworks.

What We're Looking For

Experience & Skills (Essential)

Strong experience delivering cyber and technology risk assessments, particularly within supply chain risk domains.
Proven capability managing risk governance across multiple technology-related domains at enterprise level.
Experience using risk tools aligned with NCSC Cyber Assessment Framework (CAF) and secure-by-design methodologies.
Demonstrated background improving controls associated with human risk factors.
Experience developing cyber security policies, user guidance, and awareness materials.
Expert communication skills with ability to translate technical metrics into clear, stakeholder-focused reporting.
Advanced Microsoft Office skills (Word, Excel, PowerPoint, Teams, Outlook).Desirable

Cyber security certifications (CISM, SANS GICSP, ISO27001 Auditor/Implementor, cloud security badges etc.).
Educated to HND/Degree level.
Experience working within a high‑assurance security environment and knowledge of NIS regulations.

The Person

Self-motivated, autonomous, and able to operate confidently against strategic objectives.
Humble, collaborative, and considerate of people, processes, and technology.
Flexible and adaptable to evolving business needs and working methods.
Strong ability to prioritise and manage multiple concurrent workstreams.
Enthusiastic about learning, sharing knowledge, and improving processes.

Why Join VPI?

We are known for our ability to think and act quickly using deep energy intelligence. Our mission is to enable the energy transition - delivering the power needed today while building solutions for tomorrow.

VPI offers strong development opportunities, competitive salary and benefits, and the chance to contribute meaningfully to a dynamic and forward‑thinking organisation.

Ready to Apply?

If you're ready for your next challenge in a progressive environment, we'd love to hear from you.

Rullion celebrates and supports diversity and is committed to ensuring equal opportunities for both employees and applicants

Related Jobs

View all jobs

Supplier Risk Analyst

Chief Information Security Officer

Security Governance & Compliance Analyst - NIST, ISO

Associate SOC Analyst

Cyber Security Consultants - DV Cleared

Penetration Tester

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Penetration Tester Jobs in the UK: What Employers Actually Want in 2026

The demand for skilled professionals in cyber security has never been higher, and penetration testers sit at the very heart of this rapidly evolving industry. As organisations across the UK continue to digitise their operations, protect sensitive data, and defend against increasingly sophisticated threats, the need for ethical hackers has grown dramatically. If you are considering a career in this field—or looking to advance within it—it is essential to understand what employers are really looking for in 2026. This guide breaks down the current expectations, required skills, certifications, and practical experience that can help you stand out in a competitive job market.

Jobs

SOC Analyst Jobs UK 2026: Salaries, Skills & How to Get Hired

Cyber security is one of the UK's fastest-growing career paths — and SOC analyst is where most people begin. It's in high demand, genuinely accessible, and you don't need a degree or years of experience to get started. But knowing what UK employers actually want in 2026 — what they pay, which certs matter, and how to stand out — is a different matter. This guide covers all of it.

Careers

How Many Cyber Security Tools Do You Need to Know to Get a Cyber Security Job?

If you are trying to build or move forward in a cyber security career, it can feel like the list of tools you are expected to know never ends. One job advert asks for SIEM platforms, another mentions penetration testing tools, another lists cloud security, threat intelligence platforms, endpoint detection, scripting languages and compliance frameworks. Scroll LinkedIn and it gets worse. Everyone seems to “know” dozens of tools, certifications and platforms. Here is the reality most cyber security hiring managers agree on: they are not hiring you because you know every tool. They are hiring you because you understand risk, can think like an attacker and a defender, follow process, communicate clearly and make good decisions under pressure. Tools matter — but only when they support those outcomes. So how many cyber security tools do you actually need to know to get a job? For most job seekers, the answer is far fewer than you think. This article explains what employers really expect, which tools are essential, which are role-specific and how to focus your learning so you look credible, not overwhelmed.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.