Description

The Cyber Security Analyst, Risk sits within the Cyber Security Governance, Risk and Compliance team and is responsible for supporting the day-to-day oversight and management of cyber risk across the organisation. The role focuses on ensuring that cyber risks are effectively identified, assessed, documented and managed in accordance with Heathrow’s policies, enterprise risk framework and recognised industry best practice.
The position requires strong analytical capability, stakeholder engagement skills and an understanding of governance and assurance frameworks within a regulated or complex operational environment.
Responsibilities

- Assist in the management and continuous improvement of relevant policies relating to cyber risk management, ensuring that these align to recognised best practice
- Help mature and drive effective cyber risk management practices across the business, ensuring that risks are identified, assessed, and managed appropriately and in line with Heathrow policies and relevant good practice.
- Support the implementation of modern risk management tooling, including ensuring appropriate business engagement and support, in order to maximise the value of the tool
- Participate in internal and external audits, including relevant follow-up activity.
- Support the delivery of Heathrow’s third-party risk management programme
- Compile and analyse data for management reporting and metrics.
- Maintain a comprehensive and current understanding of Cyber Security and Information Security threats.
- Track and follow up with risk owners to ensure risks are being appropriately remediated according to agreed timescales and approach
Qualifications

- Proven experience operating in cyber risk roles. Experience in mixed IT/OT environments would be advantageous.
- Relevant risk, assurance and/or cyber leadership certifications, such as CISSP, CISM, CRISC, CISA, ISO 27001 Lead Auditor / Lead Implementer, would be advantageous
- Knowledge and understanding of key Information Security controls/processes
- Experience applying Cyber Risk Management frameworks (e.g. ISO 27005, NIST Risk Management Framework, etc) in complex operational environments
- Understanding of cyber security standards and frameworks, in particular ISO 27001, NIST Cybersecurity Framework v2.0, and the NCSC Cyber Assessment Framework
- Understanding of the UK regulatory landscape for cyber security and resilience, including the Network and Information Systems Regulations 2018.
- Knowledge and experience of relevant aviation security frameworks (e.g. CAP1753) would be advantageous.