Cyber Risk & Assurance Analyst

This is a fantastic opportunity to join Southern Water’s Cyber Risk & Assurance team, the organisation’s second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you’ll play a central role in helping the business understand, manage and reduce cyber risk across critical operations.

You’ll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts.

You’ll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water.

What you will be responsible for:

• You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains — all while building collaborative relationships across Technology, Security, Legal and the business.

Key Responsibilities

• Maintain an up‑to‑date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks.
• Lead, plan and perform complex cyber risk assessments aligned to industry‑recognised frameworks, testing the design and effectiveness of cyber controls.
• Produce high‑quality risk assessment reports with clear, actionable conclusions that support timely risk‑based decision‑making.
• Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security.
• Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion.
• Build strong working relationships across teams to influence, support and strengthen cyber risk management practices.
• Drive process improvements and enhancements across the Cyber Risk & Assurance function.

Additional requirements specific to the role

• Will work closely with both technical teams and non‑technical stakeholders, requiring an ability to communicate complex concepts clearly.
• Must be comfortable operating in an environment with regulatory, operational and cyber security obligations.
• Occasional engagement with internal or external audit teams may be required.

What you’ll bring to the role:

• Essential
• Degree‑level education or equivalent experience.
• Strong knowledge of cyber security and information security control best practice.
• Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years).
• In‑depth understanding of key frameworks such as NIST (800‑37, 800‑30, 800‑53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK.
• Solid understanding of cloud models, application security, vulnerability and patch management.
• Experience in regulated and/or unionised environments.
• Excellent communication skills with the ability to simplify complex findings for senior management.
• Strong attention to detail and a proactive, positive, innovative mindset.
• Desirable
• GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP).
• Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence).
• Hands‑on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls.
• Understanding of ICS/OT environments.

Southern Water is at the forefront of transforming Britain’s water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation.

At Southern Water, we believe diverse perspectives drive innovation. If you’re passionate about making a positive impact and think you can bring value to our team, we’d love to hear from you—even if you don’t tick every box. Your unique skills and experiences could be exactly what we need.

If this role isn’t quite what you’re looking for but are keen to be contacted about opportunities at Southern Water, you can register your details here: Introduce Yourself.

Our Commitment to Diversity

We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know.

Additional information: In line with Southern Water’s security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all preemployment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.