1 to 25 of 549 Risk Analysis Jobs in the UK

systems, data, and infrastructure from threats and attacks. Key Responsibilities: Design and implement enterprise security architecture across systems, applications, networks, and cloud platforms. Conduct security assessments, threat modeling, and risk analysis for new and existing systems. Develop and maintain security policies, standards, and best practices aligned with industry frameworks (e.g., NIST, ISO 27001, CIS Controls). Collaborate with More ❯

real-time. Design and implement security solutions and controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security … breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with internal policies and regulatory requirements (e.g., FCA, GDPR, ISO 27001). Stay up to date with the latest security technologies, trends, and threat intelligence. Essential Skills & Qualifications: Proven experience in a cyber security or information security engineering role. Strong knowledge of More ❯

sensitive data. This role supports business strategy in a dynamic environment. Responsibilities: Vulnerability Assessment: Conduct regular vulnerability assessments to identify security weaknesses in our systems, applications, and network infrastructure. Risk Analysis: Analyze and prioritize vulnerabilities based on risk level and potential impact on the organization. Mitigation Strategies: Develop and implement effective mitigation strategies to address identified vulnerabilities … vulnerability assessment findings, mitigation efforts, and overall security posture for senior management. Security: Engage in the design and support of all aspects of an information security program, including Governance Risk & Compliance, Security Operations, and Security Engineering with hands on engineering and administration of security tools, such as CrowdStrike, Qualys, and Splunk in collaboration with fellow security and IT professionals. … Required Skills and Qualifications: Demonstrable experience across multiple cybersecurity domains including vulnerability management, risk management, network security, Splunk engineering, and incident response. Experience analyzing impact of vulnerabilities and designing solutions across Windows, Mac, Linux, Cloud, Network, Labs, and OT. Technical experience designing solutions across Linux, Mac, and Windows platforms. Strong knowledge of common vulnerabilities and attack vectors, as well More ❯

CI/CD workflows and providing evidence as a service. According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%. Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our … like NIST and FedRAMP and the audit process around demonstrating compliance effectively. Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework Expertise in risk analysis, threat modeling, and vulnerability assessments Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes. Strong technical abilities … reusable platform capability. It would be desirable , but not essentia l, if you also had one or more of Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF); Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA Cyber security certification e.g. Certified Information More ❯

CI/CD workflows and providing evidence as a service. According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%. Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our … like NIST and FedRAMP and the audit process around demonstrating compliance effectively. Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework Expertise in risk analysis, threat modeling, and vulnerability assessments Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes. Strong technical abilities … reusable platform capability. It would be desirable , but not essentia l, if you also had one or more of Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF); Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA Cyber security certification e.g. Certified Information More ❯

standards and regulations Exception Management: Identify, document, submit and track instances where the implementation of security patches or configuration controls needs to be delayed for business or technical reasons Risk Assessment: evaluate potential risks and impacts of granting a security exception, considering immediate needs and long-term implications Exception Renewal: periodically review active exceptions to determine if they are … limited to, secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies and architecture Understanding of security vulnerabilities, exploits, and mitigation techniques Knowledge of risk analysis, vulnerability assessment methodologies, and security baselines Clear understanding of various operating systems and versions, secure configuration and build images Experience with automation, scripting, and orchestration (Python, PowerShell More ❯

related to cloud security breaches and misconfigurations. Implement SIEM and security monitoring tools for real-time threat detection. Cloud Security Assessments & Compliance Conduct cloud security assessments, penetration testing, and risk analysis . Ensure compliance with ISO 27001, NIST, CIS Benchmarks, GDPR , and other security standards. Collaborate with DevOps teams to integrate security into CI/CD pipelines. Security More ❯

We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are More ❯

We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are More ❯

products and services, recommending best-fit solutions. Support incident investigations and security control enhancements. Ensure security architectures align with industry frameworks such as TOGAF and SABSA. Key Deliverables Gap Analysis Report: Assessing current security posture against NIST 800-53. Security Control Mapping: Documenting alignment of existing controls with compliance frameworks. Implementation Plans: Designing and deploying new security controls. … least 2 years in a similar role. Strong knowledge of NIST 800-53, ISO27001, PCI DSS, and COBIT. Experience with security frameworks (SABSA, TOGAF). Understanding of threat and risk analysis methodologies. Experience in cloud security (Azure, AWS, Google). Ability to work in high-security HMG and MOD environments. Desirable Certifications CompTIA Security+, CISSP, CISM, CCSP, TOGAF … SABSA SCF. CESG Certified Cyber Professional (CCP) in Security Architecture or Risk Management. ISO27001 Lead Auditor. More ❯

designs. Conduct security reviews and assurance activities to validate security compliance across IT and OT systems. Provide security guidance and direction to stakeholders, ensuring alignment with security frameworks and risk management practices. Participate in cyber analysis activities, assessing outputs to help shape security direction and strategy. Implement security tools and technologies, supporting their integration into existing security architecture. … the utilities sector or similar critical infrastructure environments. Strong understanding of how enterprise security architecture fits into broader business and IT strategies. Hands-on experience conducting security assessments and risk analysis within IT and OT environments. Seniority level Mid-Senior level Employment type Contract Job function Information Technology Industries Utilities and IT Services and IT Consulting #J More ❯

meaningful security transformation. Key Responsibilities As part of a versatile consulting team, you’ll support clients across various industries with end-to-end security services. Responsibilities include: Security Assessments & Risk Management : Conduct security assessments, risk analysis, and provide incident response guidance. Identify and prioritise remediation actions. Security Solution Design : Design and implement bespoke cyber security solutions using More ❯

and guidance to develop reliable, secure, and compliant security solutions tailored to project needs. Your responsibilities include: Advising on high-level security architecture and contributing to design processes, including risk assessments Consulting on security component architectures (e.g., SIEM, IAM, gateways) Evaluating architectures against policies and standards (NIST, ISO, JSP) Justifying architectural decisions Coordinating across multidisciplinary teams Presenting solutions to … recognized as a valuable contributor to sensitive programs. COMPETENCIES: You can independently define architectures, are proficient in Infrastructure Security, Security Supervision, and Information Systems Security. You are familiar with Risk Analysis, Network Security, Cryptography, IAM, cloud technologies, and compliance monitoring. You excel in working with customers and technical teams. NICE TO HAVE: Domain expertise in Defence, Nuclear, Government … Aerospace, CNI, Transport; experience in Risk Management and Accreditation. CAREER DEVELOPMENT: Thales offers opportunities to explore different domains, roles, and international careers. We support personal growth, talent development, and career flexibility within our global organization. Candidates must provide proof of identity, work eligibility, and employment/education history for up to three years. Some roles may require full Security More ❯

or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions. Create and maintain appropriate standard operating procedures for the Cyber Security and information protection. Support on Analysis & Planning Activities Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and … Information Security Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks. Support the Design for your area of responsibility Work closely with other stakeholders to design, architect, consult … the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects. Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated Draft procedures and or policies with regards to cyber security submitting them to the More ❯

with customers to define and implement Cyber Security Operations capabilities within their organisations. Assists customers in the routine application and interpretation of SOC security legislation, standards, policies and practices. Risk Assessment and Vulnerability Analysis: Perform thorough assessments of clients’ SOC systems, identifying security gaps, and vulnerabilities. Conduct risk analyses to determine potential impacts on operations and prioritize … Understanding of SOC/SIEM configurations and possesses the ability to test, diagnose, configure and maintain SOC systems. Produce security architecture design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and produces pragmatic security controls. Selection of appropriate security components to provide … department policies. Ability to analyse information and produce reports, network diagrams and recommendations on how to improve security monitoring and detection. Ability to plan, control, report and manage the risk for a defined package of work to ensure delivery of on-time, budget and quality products. This role will require SC Clearance. It would be advantageous if currently held More ❯

Cyber Security operation's function is responsible for the day-to-day provision of enterprise cyber security services to support the business. These services include all aspects of Cyber Risk Management, implementation and maintenance of technical security controls, vulnerability and patch management and operate effective incident management and cyber investigations. The department’s key objective is to ensure Insight … policies and standards • Supporting internal and external audits evidence gathering of cyber security • Chairing Vulnerability management meetings and following through on reports and remediations with the tech teams. Performing risk analysis on when vulnerability management incidents • Being integral to projects related to Security Operations • Staying up to date with the latest threat intelligence and threat hunting methodologies to More ❯

and improve the user experience. This role plays a critical role in supporting the successful delivery of projects within BMfS by applying robust Project Controls processes across planning, scheduling, risk, cost, and resource management. This role ensures integration and coherence across multiple projects, enabling effective control, informed decision-making, and alignment with the overall programme strategy. The post holder … to HEO Project Control Managers, ensuring consistency in approach and contributing to the achievement of programme objectives. The role oversees the development and maintenance of integrated schedules, supports schedule risk analysis, and ensures that milestone tracking and interdependencies are effectively managed. In addition, the Senior Project Controls Manager will provide expert advice to senior leaders, support governance and … assurance activities, and promote a culture of proactive risk and issue management. The role requires extensive experience in Project Controls and programme environments, with a strong understanding of transformational change, stakeholder engagement, and the application of best practice methodologies. This role will have line management responsibilities. This position is advertised at 37 hours per week. Job Description Schedule and More ❯

support the continued development of a robust security programme across cloud-based IT services and managed environments (particularly Microsoft 365 and Azure). This role spans security operations, governance, risk, and assurance , and will suit someone with a blend of hands-on technical skills and strategic thinking. What You'll Be Doing: Support and improve day-to-day security … operations, incident response, and vulnerability management. Lead on security investigations and ensure remediation is aligned with industry best practices. Conduct risk assessments and provide security consultancy for technical projects and service design. Help maintain ISMS policies and ensure regulatory compliance (e.g. PCI-DSS, GDPR, FCA). Play a key role in cloud security strategy across Azure/M365 and … in a security-focused role with exposure to frameworks like PCI, ISO27001, or FCA compliance. Deep understanding of Microsoft cloud environments and hands-on experience with technical controls. Excellent risk analysis, stakeholder engagement, and documentation skills. Relevant qualifications such as CISSP, CompTIA Security+, AZ-500, or MS-500 are highly desirable. Seniority level Seniority level Mid-Senior level More ❯

Role overview: Working for a security vendor, the Security team are accountable for the company's Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management Activities. You'll work closely with development and operational teams to design, implement/recommend application security controls. This is a new role for the company requiring a … will have a background in software development. Main tasks and responsibilities: Assess and identify gaps in current application security controls and provide guidance to resolve and remediate based on risk to the business Working with the DevOps teams, establish and design processes to improve the secure development of products and services during the SDLC Provide guidance and support during … with knowledge of Application Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of application security awareness, including the security of web applications Experience with risk management activities - identifying, assessing and providing remediation More ❯

will ensure that the Bank maintains high standards of security, privacy, and compliance, contributing to our mission of promoting sustainable development across our regions of operation. Aboutthe Department Operational Risk Management (ORM) is part of the Bank’s Risk Management group and forms the second line of defence . ORM is responsible for independently identifying, assessing, and supporting … data subject requests and support the Personal Data Review Panel on personal data-related complaints. Advise on IT and business projects with respect to InfoSec and privacy risks. Maintain risk registers , provide ongoing risk analysis, and contribute to risk mitigation plans. Support completion and review of Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs … . Manage BAU activities , including: Social engineering exercises. Supplier assurance assessments. Risk assessments for business processes and technologies. Research emerging threats and evaluate applicability to the Bank’s operations. Monitor changes in regulations and best practices , document and propose updates, agree on changes with the Head of Information Security, and implement project plans. Work extensively with IT , particularly the More ❯

development of high level security compliant architecture and contribution to the design of the preliminary and detailed designs of the solution: it includes the study of alternatives and a risk assessment Consult on potential security components architectures (e.g. SIEM, IAM, gateways, detection and deception capabilities ) Evaluate architectures against Business Line policy and major cyber security standards & regulation frameworks (NIST … You are proficient with Infrastructure Security Design, Security Supervision Design, and Information Systems Security (ISS) You can advise and give support to the rest of the team Familiar with Risk Analysis, Network Security, Cryptography, Identity & Access Management (software/hardware development, the NIST Cybersecurity Framework, cloud technologies) Able to monitor and measure risk as well as compliance … You have the ability to work with customers and technical teams NICE TO HAVE: Domain knowledge - Defence, Nuclear, Government, Aerospace, CNI, Transport Risk Management and Accreditation YOUR CAREER AT THALES Future opportunities will allow you to discover other domains or sites. You will be able to evolve and grow your competences in different areas: Room and attention to personal More ❯

development of high level security compliant architecture and contribution to the design of the preliminary and detailed designs of the solution: it includes the study of alternatives and a risk assessment Consult on potential security components architectures (e.g. SIEM, IAM, gateways, detection and deception capabilities...) Evaluate architectures against Business Line policy and major cyber security standards & regulation frameworks (NIST … You are proficient with Infrastructure Security Design, Security Supervision Design, and Information Systems Security (ISS) You can advise and give support to the rest of the team Familiar with Risk Analysis, Network Security, Cryptography, Identity & Access Management (software/hardware development, the NIST Cybersecurity Framework, cloud technologies) Able to monitor and measure risk as well as compliance … You have the ability to work with customers and technical teams NICE TO HAVE: Domain knowledge – Defence, Nuclear, Government, Aerospace, CNI, Transport Risk Management and Accreditation YOUR CAREER AT THALES Future opportunities will allow you to discover other domains or sites. You will be able to evolve and grow your competences in different areas: Room and attention to personal More ❯

Key Responsibilities: Implement and manage security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEMs, and endpoint protection Conduct threat and vulnerability assessments, penetration testing, and risk analysis activities Design and deploy security controls that align with enterprise architecture and regulatory requirements Support secure configuration and hardening of systems, applications, and infrastructure Monitor and respond More ❯

Ensure security is prioritised through automation tools, security testing, and vulnerability scanning as part of the continuous delivery process. Security Assessments & Incident Response : Conduct security assessments, vulnerability scans and risk analyses to identify and address potential security weaknesses within cloud environments. Support the security operations team in incident response efforts related to cloud security incidents, ensuring timely detection, containment More ❯

security vulnerabilities and threats through automation and proactive monitoring. Define and enforce security policies and best practices for cloud usage across the organization. Conduct regular security assessments, audits, and risk analysis on cloud-based systems. Collaborate with DevOps to integrate security into CI/CD pipelines (DevSecOps). Manage identity and access controls (IAM) to enforce least privilege … principles. Respond to security incidents and lead root cause analysis for cloud-related security breaches. Stay current with the latest cloud security trends, threats, and technologies. Required Qualifications Bachelors degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 3+ years of experience in cybersecurity with at least 2 years focused on cloud security. Hands-on More ❯