Cyber Risk Analyst

  • Full Time
  • Bristol

Website WTHBristol Women's Tech Hub


Excited to grow your career?

The companies mission is to ‘help people save and invest with confidence’. They are looking for great people to join them.

JOB TITLE: Cyber Risk Analyst
CAREER DEVELOPMENT PATH: Assistant Managing of Specialising
REPORTING TO: Cyber Risk Manager

The Cyber Risk Analyst (InfoSec Analyst) is a specialist role with the primary focus being Information Security Governance, Risk & Compliance. The Cyber Risk Analyst supports the senior Cyber Risk team in ensuring that key information security risks across all of the group are identified and considered.. This requires a mixture of technical and non-technical information security risk experience.

This role will be home-based at minimum for the remainder of 2020.  Longer-term it will be primarily home-based, but with a requirement to travel to the Bristol office for key team meetings, at minimum multiple times a month.


The company knows that sometimes the ‘perfect candidate’ doesn’t exist and that people can be put off applying for a job if they don’t tick every box. If you’re excited about working for them and have most of the skills or experience they’re looking for, please go ahead and apply. You could be just what they need!

Experience / skills

  • Minimum 2 to 3 years’ experience in a Cyber Risk or Information Security role. Ideally in a regulated environment, such as the finance sector
  • Must be certified to basic security standards, for example SSCP, COMPTIA Security+
  • Have a good understanding of security across – policy, culture, forensics, incident response, and risk management. Have practical work-based experience in at least three of these areas
  • Good exposure to security risk management in a ISO27001 aligned environment
  • Be able to understand both technical and non-technical security controls, and how they are applied in a business context
  • Have had good exposure to assessing the adequacy of security controls, and exposure to designing security controls, with a specific focus on threat and vulnerability.


  • Have had good exposure to assessing the adequacy, and effectiveness of the wider IT risk & control environment, plus some exposure to designing IT controls
  • Exposure to COBIT
  • Hold one or more of the following, CISA, CISSP, CRISC , CCSP
  • Experience of GRC toolsets, and or risk management toolsets
  • Exposure to AWS, O365, Azure security standards


  • Performance-related annual bonus scheme
  • 25* days holiday, plus 8 bank holidays, plus additional Christmas closure time
  • Option to purchase up to an additional 5 days holiday each year
  • Pension scheme – up to 19% contribution
  • Flexible working options available
  • Enhanced parental leave benefits
  • Variety of travel to work schemes, including season ticket loans and cycle to work
  • Bike storage and shower facilities
  • Employee assistance programme
  • Volunteering opportunities
  • Annual events, activities and sports groups
  • Smart casual dress policy and dress down Fridays

The company is an inclusive employer that values diversity in its workforce. They encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.
This role may also be available on a flexible working or part-time basis – please ask the Talent Acquisition team for more information.

Please note, they are unable to provide employment sponsorship to candidates.

To apply for this job email your details to