Senior Cyber Risk & Assurance Analyst

About the Role

We are seeking a skilled and motivated Cyber Security Risk & Assurance Analyst to support the development and continuous improvement of our cyber and information security framework. This role plays a key part in identifying, assessing, and managing security risks while ensuring compliance with internal policies and external standards.

You will work closely with cross-functional teams to strengthen security controls, support assurance activities, and provide meaningful insights to support informed decision-making.

Key Responsibilities

• Support the development, implementation, and continuous improvement of cyber and information security risk frameworks, policies, and procedures
• Conduct security risk assessments across business units and projects, identifying vulnerabilities and recommending mitigation strategies
• Maintain and update the information security risk and controls register
• Monitor compliance with internal policies and external regulatory requirements, supporting audits and reviews
• Perform risk and control assessments, including control effectiveness reviews and assurance activities
• Prepare clear and concise reports and dashboards on risks, compliance status, and emerging threats
• Develop and refine cyber security metrics and performance indicators for reporting
• Collaborate with stakeholders to integrate security risk practices into business processes and project delivery
• Support cyber security awareness initiatives through training and communication
• Stay up to date with emerging cyber threats, regulatory obligations, and industry best practices

Key Requirements

• Demonstrated experience in cyber security risk management, assurance, or compliance functions within a complex organisation
• Experience conducting security audits, including planning, execution, and reporting
• Knowledge and experience with VPDSS frameworks
• Working knowledge of security frameworks and standards such as ISO 27001, NIST, or similar
• Ability to perform risk assessments, evaluate control effectiveness, and recommend improvements
• Strong analytical and problem-solving skills
• Excellent written and verbal communication skills, with the ability to engage both technical and non-technical stakeholders

Desirable Skills & Experience

• Experience in a public sector or highly regulated environment
• Familiarity with risk management tools and reporting dashboards

Qualifications

• Bachelor’s degree or higher in Information Technology, Business, or a related discipline (or equivalent experience)

Please apply with current resume in Microsoft Word format only (.doc or .docx). If you would like to have a confidential discussion, please contact Krunal Patel on Krunal.Patel@davidsonwp.com, quoting reference JN -052026-43203. Want to know more about Davidson? Visit us at www.davidsonwp.com