Senior Cyber Risk Analyst

Senior Cyber Risk Analyst

Warwick

The Senior Cyber Risk Analyst role will perform system level risk identification and management for NIS critical systems. This role is scoped to Operational Technology (OT) where systems support the operation of the essential service to deliver electricity transmission across England and Wales.

This role will involve collaboration with cross-functional teams and implement risk management strategies tailored to the unique cyber challenges faced. Ensuring risks are understood by stakeholders, are documented and appropriate risk mitigation strategies are in place for our critical environments.

This role will:

• Provide up to date risk capture for NIS critical systems supporting OFGEM reporting requirements.
• Document and justify NIST CSF controls process maturity and coverage.
• Identification of gaps and findings foundational to improvements plans in our NIS critical environment.

Key stakeholders will include:

• Functional teams and embedded risk resources
• Global central Strategic Risk group who provides a risk framework for high level risks

Key accountabilities:

• Capture and risk assess vulnerabilities and deviations from the target state against an agreed risk framework.
• Development of cyber security policies and specifications to reduce risk, improve organisational cyber maturity and support compliance with the NIS Regulation.
• Support the business to understand cyber security risk requirements for NIS critical systems through engagement with functional resources.
• Support the business to understand cyber & physical security risks through appropriate reporting and communication of current risks and vulnerabilities.
• Support the development of justifications for investment in additional cyber security controls.
• Ensure risks are documented, managed, and monitored using approved frameworks and reported via the appropriate governance forums.
• Conduct risk assessments and support embedded business risk resources with risk assessments of NIS Critical systems with associated subject matter experts.
• Collecting data to support risk metrics.
• Ensure Cyber risks are investigated and triaged in accordance with risk management frameworks.

Interpersonal, Supervisory or Management

• Experience of informing changes to specifications or policies based on risks.
• Experience communicating difficult and standard issues associated with areas of expertise in a clear and concise manner both verbally & in writing.
• Eager to develop their business and technical skills, you will be comfortable breaking new ground and changing the way the business makes decisions.

Technical or Specialist

• Technical understanding of the Operational Technology (OT) assets, Networks and systems used within a Transmission environment.
• Experience of applying risk assessment processes and frameworks
• Familiarity with operational practices and processes used to support and manage OT assets.
• Detailed understanding of how cyber security risks can manifest within networks, devices, and systems.
• Understanding of asset management principles, including risk management, decision making, planning, asset lifecycle and asset data/information.
• Familiarity with international standards related to cyber security including IEC62443 and IEC62351
• Excellent Office 365 skills - including Excel and SharePoint
• Proficiency in Power BI and Visio desirable.

Experience

• Experience in managing Cyber Security Risk within Operational Technology
• Experience in Cyber Security (Risk management, Strategy, Ops, etc.)
• Communicating complex messages both verbally and in writing using quantitative & qualitative measures.
• Experience with MITRE ATT&CK desirable
• Able to operate as a highly independent motivated worker and as part of a strong team with a collaborative approach, delivering high-quality outputs.
• Previous experience of OT