Information Security Risk Analyst
Position Overview
We are seeking an Information Security Risk Analyst to support enterprise-wide information security risk assessment and monitoring activities. This role reports to senior risk leadership and is responsible for identifying, assessing, monitoring, and communicating information security risks across technology platforms, products, services, and third parties.
Key Responsibilities
- Conduct information security risk assessments across the organization to identify, evaluate, quantify, and manage risks throughout the lifecycle of systems, products, and services.
- Contribute to and enhance a continuous information security risk monitoring program.
- Prepare executive- and management-level reporting, including risk metrics (KRIs/KPIs), risk profiles, program status updates, and risk acceptance documentation.
- Perform periodic and ad-hoc testing or reviews to validate the effectiveness of information security controls.
- Escalate identified risks and control deficiencies to appropriate stakeholders and leadership.
- Partner with technology, security, and business teams to assess risks associated with technology-enabled initiatives.
- Perform third-party and vendor security risk assessments, including:
  - Review of vendor security controls and practices
  - Analysis of security testing reports
  - Development and assessment of security requirements
  - Support for residual risk management
- Maintain awareness of emerging technologies, information security risks, industry best practices, and regulatory requirements.
Required Qualifications
- Bachelor's degree in a related field such as risk management, information systems, business, finance, economics, or similar discipline.
- 2-3 years of experience performing risk assessments (e.g., RCSA or similar).
- Ability to work closely with technical teams and translate risk concepts between technical and non-technical stakeholders.
- Understanding of risk appetite, tolerance, and how business or technology changes affect risk profiles.
- Ability to track and communicate regulatory or emerging risk impacts to management.
Preferred Qualifications
- Exposure to IT governance frameworks (e.g., COBIT, ITIL, FFIEC, COSO, or similar).
- Strong analytical and problem-solving skills.
- Comfortable working independently while collaborating across teams and organizational levels.
- Proactive, detail-oriented, and capable of exercising sound judgment in risk-based decision-making.
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your CV and details on file so when we see similar roles or see skillsets that drive growth in organisations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways: firstly, we advertise available roles on our site; however, due to confidentiality we may not post all of them. We also work with clients who are more focused on skills and on understanding what is required to future-proof their business.
That's why we recommend registering your CV so you can be considered for roles that have yet to be created.
Yes, we help with CV and interview preparation. From customised support on how to optimise your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.
