At a Glance
- Tasks: Conduct application risk assessments and manage security risks for a global team.
- Company: Join a leading global Information Security team in the heart of London.
- Benefits: Enjoy hybrid work options and competitive pay, with potential for contract extension.
- Why this job: Make an impact by safeguarding applications while collaborating with diverse teams.
- Qualifications: 5+ years in Risk Management; strong understanding of security frameworks and application assessments.
- Other info: Opportunity to work in a dynamic environment with multinational collaboration.
The predicted salary is between £43,200 and £72,000 per year.
Contract: Risk Analyst - Application Risk Assessment
Location: London Wall, London (Hybrid - 3 days onsite per week)
Start Date: ASAP
Duration: Until End of Year (Potential Extension)
Inside IR35 Rate: £negotiable (Deemed inside IR35 via umbrella)
Reference: 19341
Immediate contract for an experienced Risk Analyst - Application Risk Assessment to help deliver a project for a global Information Security team. You will support the evaluation and management of security risks introduced by applications across the enterprise. Undertake a secure project lifecycle assessment for every application.
Key Responsibilities:
- Conduct Application Risk Assessments (ISARA) in line with global security standards and frameworks
- Serve as the liaison between IS, IT, and business stakeholders to identify and assess application-related risks
- Facilitate the risk evaluation process, including formatting, data collection, and impact assessments
- Perform control assessments to determine control effectiveness
- Use defined risk methodologies (eg FAIR, ISO 31000) to rate risks and update internal risk registers
- Propose, document, and follow through on remediation plans and action items
- Monitor risk remediation efforts and ensure timely updates in governance tools
- Review major application changes and ensure associated risk documentation is up to date
- Provide weekly and monthly risk reporting, including key metrics and residual risk summaries
- Represent Information Security in cross-functional business discussions, clearly articulating risks, controls, and policy alignment
Required Skills & Experience:
- 5+ years of experience in Risk Management and/or Information Security
- Proven experience conducting application-level security risk assessments
- Strong understanding of secure software and network architecture
- Risk management frameworks (eg ISO 3100X, NIST 800-30/37/39, ENISA, EBIOS, OCTAVE, FAIR)
- OWASP Top 10, encryption, data classification, and secure data flows
- Ability to read and interpret HLDs/LLDs to identify risk controls and gaps
- Expertise with Microsoft Office suite (Excel, Word, PowerPoint, SharePoint)
- Excellent verbal and written communication skills, including experience communicating with C-level stakeholders
- Background in multinational environments with cross-functional collaboration
- Strong attention to detail with advanced analytical and reporting capabilities
Preferred Qualifications:
- Industry certifications (eg CISSP, CISM, CRISC)
- Experience working with MITRE ATT&CK, ISO 27001, or similar InfoSec frameworks
- Exposure to enterprise-grade risk management tools and reporting platforms
Networking People (UK) is acting as an Employment Business in relation to this vacancy.
Risk Analyst in City of London employer: Networking People (UK) Limited
Contact Detail:
Networking People (UK) Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Risk Analyst role in City of London
✨Tip Number 1
Familiarise yourself with the specific risk management frameworks mentioned in the job description, such as ISO 31000 and NIST. Being able to discuss these frameworks confidently during your interview will demonstrate your expertise and alignment with the role.
✨Tip Number 2
Brush up on your knowledge of OWASP Top 10 vulnerabilities and how they relate to application security. Prepare examples of how you've previously identified and mitigated these risks in past roles to showcase your practical experience.
✨Tip Number 3
Network with professionals in the information security field, especially those who have experience in application risk assessments. Engaging with industry peers can provide insights and potentially lead to referrals that could strengthen your application.
✨Tip Number 4
Prepare to articulate your experience with cross-functional collaboration, particularly with C-level stakeholders. Highlighting your ability to communicate complex risk concepts clearly will be crucial in demonstrating your fit for this role.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in risk management and application security. Focus on your 5+ years of experience and any specific projects that align with the job description.
Craft a Strong Cover Letter: In your cover letter, emphasise your understanding of risk management frameworks and your ability to conduct application-level security risk assessments. Mention your familiarity with OWASP Top 10 and other relevant standards.
Showcase Relevant Skills: Clearly outline your skills in secure software architecture, risk methodologies, and your proficiency with Microsoft Office tools. Highlight any industry certifications you hold, such as CISSP or CISM.
Prepare for Communication: Since the role involves liaising with C-level stakeholders, prepare examples of how you've effectively communicated risks and controls in previous roles. This will demonstrate your strong verbal and written communication skills.
How to prepare for a job interview at Networking People (UK) Limited
✨Understand the Risk Frameworks
Familiarise yourself with key risk management frameworks such as ISO 31000 and NIST. Be prepared to discuss how you have applied these frameworks in your previous roles, especially in relation to application risk assessments.
✨Showcase Your Technical Knowledge
Demonstrate your understanding of secure software and network architecture. Be ready to explain how you interpret high-level designs (HLDs) and low-level designs (LLDs) to identify security risks and controls.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think about past experiences where you had to evaluate risks or propose remediation plans, and be ready to share those examples.
✨Communicate Effectively with Stakeholders
Highlight your experience in liaising with various stakeholders, including C-level executives. Practice articulating complex security concepts in a clear and concise manner, as this will be crucial in cross-functional discussions.