Cyber Security Analyst, Risk

Together, we’re working to welcome millions more passengers, while ensuring aviation can continue to be a force for good by leading global efforts in sustainability. At Heathrow, you can be part of this – providing solutions that make every journey better for millions each year. That means ensuring we meet the changing needs of the passengers, colleagues and partners who use our airport to work, travel, trade, shop, eat, explore and connect.

Our Solutions team covers project management, process improvement, business change, technology, cyber defence, masterplanning, infrastructure and procurement. It brings together people with the skills to deliver prestigious and often large-scale projects, from transforming terminals to making big reductions in our carbon emissions. Every day will test your skills and give you the opportunity to make your mark.

The Cyber Security Analyst, Risk sits within the Cyber Security Governance, Risk and Compliance team and is responsible for supporting the day-to-day oversight and management of cyber risk across the organisation. The role focuses on ensuring that cyber risks are effectively identified, assessed, documented and managed in accordance with Heathrow’s policies, enterprise risk framework and recognised industry best practice.

Your role will involve:

• Assist in the management and continuous improvement of relevant policies relating to cyber risk management, ensuring that these align to recognised best practice.
• Help mature and drive effective cyber risk management practices across the business, ensuring that risks are identified, assessed, and managed appropriately and in line with Heathrow policies and relevant good practice.
• Support the implementation of modern risk management tooling, including ensuring appropriate business engagement and support, in order to maximise the value of the tool.
• Participate in internal and external audits, including relevant follow-up activity.
• Support the delivery of Heathrow’s third-party risk management programme.
• Compile and analyse data for management reporting and metrics.
• Maintain a comprehensive and current understanding of Cyber Security and Information Security threats.
• Track and follow-up with Risk owners to ensure risks are being appropriately remediated according to agreed timescales and approach.

These Skills Are Essential:

• Proven experience operating in cyber risk roles.
• Experience in mixed IT/OT environments would be advantageous.
• Relevant risk, assurance and/or cyber leadership certifications, such as CISSP, CISM, C-RISC, CISA, ISO 27001 Lead Auditor / Lead Implementor would be advantageous.
• Knowledge and understanding of key Information Security controls/processes.
• Experience applying Cyber Risk Management frameworks (e.g. ISO 27005, NIST Risk Management Framework, etc) in complex operational environments.
• Understanding of cyber security standards and frameworks, in particular ISO 27001, NIST Cybersecurity Framework v2.0, and the NCSC Cyber Assessment Framework.
• Understanding of the UK regulatory landscape for cyber security and resilience, including the Network and Information Systems Regulations 2018.
• Knowledge and experience of relevant aviation security frameworks (e.g. CAP1753) would be advantageous.

Heathrow is an amazing backdrop to a career filled with unique opportunities. Every day, you’ll discover a world full of fresh possibilities and end the day buzzing with stories to tell, as you encounter people from all cultures, nationalities and experiences. A world full of pride for what we do and no end of exciting career prospects to explore.

We offer competitive salaries and excellent benefits that will support you now and in the future. As well as performance-based annual bonuses and our longer-term Share in Success Bonus plans, we also offer generous annual leave allowances and market-leading pensions. With family friendly policies, access to private health insurance and a wide range of wellbeing tools, we’ll support you to be at your best inside and outside work. And of course, we’ll provide varied learning and development opportunities too.

Our Hybrid working approach offers the opportunity for colleagues in some roles to work from home for an average of two days a week, providing the flexibility to work in an agile way whilst ensuring we deliver for the operational needs of Heathrow. Working arrangements vary from team to team and will be confirmed during the recruitment process. You’ll need to be based in the UK and within a commutable distance to Heathrow.

As an equal opportunities employer, we encourage applications from all. We believe that diverse talent makes us stronger – not least because we welcome passengers from all corners of the globe, every single day. Heathrow is an accessible place to work. With five diversity networks, we champion inclusivity and celebrate individuality.