We're looking for a Security Risk Analyst to join our Information Security team and help ensure M&S maintains a strong and resilient security posture. Working within the Governance, Risk & Compliance (GRC) function, you'll play a key role in supporting the implementation and ongoing development of our cybersecurity risk assessment framework, helping the business identify, assess and manage cyber risk effectively.
You'll work closely with Security Risk Principals, Specialists and stakeholders across Technology and the wider business to analyse cyber risk data, support risk assessments and provide meaningful insight into M&S's security landscape. This is an exciting opportunity for someone with a strong foundation in cybersecurity risk management who is keen to influence decision-making and contribute to the protection of a complex retail environment.
What you'll do
- Supporting the delivery and ongoing adoption of M&S's cybersecurity risk assessment framework and associated risk management processes.
- Analysing security risk data, identifying key areas of concern and communicating findings to stakeholders across the business.
- Collaborating with Security Risk Principals, Specialists and wider GRC teams to assess, document and manage cybersecurity risks.
- Contributing to risk reporting, governance forums and security risk appetite reviews that provide insight into M&S's cyber risk posture.
- Supporting the development of risk awareness, training and continuous improvement activities that strengthen cybersecurity risk management across M&S.
Who you are
- Experience in cybersecurity risk management, with a good understanding of security governance, risk and compliance principles.
- Knowledge of industry‑recognised frameworks such as NIST CSF, and the ability to apply risk‑based thinking to security challenges.
- Strong analytical and problem‑solving skills, with the ability to interpret complex information and communicate it clearly.
- Excellent stakeholder management, organisation and prioritisation skills, with experience working across multiple teams and business functions.
- A collaborative mindset and a passion for helping organisations identify, understand and manage cybersecurity risk.
What's in it for you?
Working at M&S means being part of something bigger - helping to deliver quality, value and service to millions of customers every day. We're inclusive, fast‑moving and always evolving, with a strong sense of purpose and a focus on doing the right thing.
Here are just a few of the benefits that make working here even more rewarding:
- 20% colleague discount on all M&S products and many third‑party brands for you and someone in your household, available once you've completed your probation
- Competitive holiday allowance with the option to buy more
- Discretionary bonus schemes linked to your performance and ours
- Strong pension and life assurance to help plan for the future
- Tailored induction and training to support your development from day one
- Exclusive perks and savings through our M&S Choices portal
- Market‑leading family policies, including parental, adoption and neonatal leave
- 24/7 wellbeing support, including virtual GP access and mental health services
- One paid volunteer day a year to support a cause that matters to you