Risk Analyst
Job Description
Job Summary:
The Risk Analyst will play a critical role in supporting the design and implementation of effective and robust security systems. This role focuses on identifying, analysing, evaluating and documenting risks associated with security system designs and architectures. The Risk Analyst will work closely with the BRAM protective design PgM and business stakeholders to ensure that security risks are appropriately addressed throughout the system development lifecycle. This role requires strong analytical skills, a deep understanding of security principles and the ability to communicate complex risk information clearly and concisely to both technical and non-technical audiences.
Key Responsibilities:
1. Risk Identification & Assessment:
- Conduct analysis of proposed and existing BRAM risk reports, security system designs, architectures and technologies, including physical, electronic and procedural security controls.
- Identify potential threats, vulnerabilities and consequences associated with security systems, considering internal and external factors, business operations and compliance requirements.
- Utilise various risk assessment methodologies (e.g., qualitative, quantitative, threat modeling, vulnerability scanning) to analyse risks and determine their potential impact.
- Prioritise risks based on their likelihood and impact, considering business objectives, risk appetite and regulatory constraints.
2. Risk Mitigation & Treatment:
- Collaborate with security architects and engineers to develop and evaluate risk mitigation strategies for identified security risks.
- Recommend appropriate security controls and countermeasures to reduce risks to acceptable levels, considering technical feasibility, cost-effectiveness, and operational impact.
- Support the development of security design principles, standards and guidelines to ensure consistency and alignment with best practices.
- Assist in the selection and implementation of security technologies and solutions, ensuring they adequately address identified risks.
3. Documentation & Reporting:
- Create and maintain comprehensive documentation of risk assessments, including threat models, vulnerability analyses, risk registers and mitigation plans.
- Prepare clear and concise risk reports for stakeholders, summarising key findings, recommendations and residual risks.
- Communicate risk information effectively to both technical and non-technical audiences, tailoring the level of detail and language as appropriate.
- Track and monitor the status of risk mitigation activities, ensuring they are implemented as planned and are effective in reducing risks.
4. Collaboration & Communication:
- Work closely with security architects, engineers, project managers and business stakeholders throughout the system development lifecycle.
- Provide expert advice and guidance on security risk management principles and best practices.
- Participate in design reviews, security assessments and audits to ensure that security risks are adequately addressed.
- Stay up-to-date on emerging security threats, vulnerabilities, technologies and regulations, and incorporate this knowledge into risk assessments.
5. Compliance & Standards:
- Ensure that security systems and designs comply with relevant industry standards, regulations, and internal policies.
- Support the development and maintenance of security policies, procedures and standards related to security systems design and risk management.
SLA/KPI Focus Areas:
- In adherence to current MCMS SLAs
Educational Background
- Bachelor’s Degree (Essential):
- Relevant fields: Cybersecurity, Information Security, Risk Management, Engineering, Computer Science, or a related discipline.
- A postgraduate degree (MSc) in Risk Management or Cybersecurity would be advantageous.
- Alternative Pathways:
- Equivalent professional certifications or vocational training in security systems or risk management may substitute for formal degrees.
Professional Certifications (desirable, not essential)
Security and Risk Management Certifications
- Certified Information Systems Security Professional (CISSP) – (Offered by (ISC)²):
- Covers risk management, security architecture, and compliance, making it ideal for this role.
- Certified in Risk and Information Systems Control (CRISC) – (Offered by ISACA):
- Focuses on risk identification, assessment, mitigation, and reporting.
Specialised Certifications
- Certified Protection Professional (CPP) – (ASIS International):
- Focuses on physical security, threat identification, and risk analysis.
- Physical Security Professional (PSP) – (ASIS International):
- Covers risk analysis for physical security systems, making it directly relevant.
- ISO 31000 Risk Management Certification – (Offered by BSI):
- Aligns with international standards for risk management best practices.
- SABSA (Sherwood Applied Business Security Architecture):
- Focused on security architecture and risk management.
Soft Skills and Supporting Training
- Communication and Report Writing: Professional training in technical writing and presentation skills.
- Project Management Certification:
- Agile Project Management (e.g., PRINCE2 Agile).
- Certified Scrum Master (CSM).
- Regulatory Knowledge:
- Training on GDPR and compliance for UK businesses.
- Open-Source Intelligence (OSINT): Training on gathering and analysing publicly available information for risk assessments.
Job Types: Full-time, Permanent
Pay: £37,500.00 per year
Benefits:
- Casual dress
- Company pension
- Free parking
- On-site parking
- Sick pay
Schedule:
- Holidays
- Monday to Friday
Education:
- Bachelor's (preferred)
Experience:
- Risk analysis: 2 years (preferred)
Language:
- English (required)
Work authorisation:
- United Kingdom (required)
Location:
- Belfast BT3 9JP (required)
Work Location: In person
Reference ID: MCMS-NI-12.1/24