Cyber Risk Analyst

Description: Role Title: Cyber Risk Analyst
Location: Knutsford
60% office 40% home
Duration: 30/10/2026
£497.40 per day INSIDE IR35

MUST BETHROUGH UMBRELLA

Role Description:
Role Overview: The Lead Cyber Risk Consultant will spearhead the EOL risk assessment project, providing strategic direction and oversight. In this role, you will lead a comprehensive evaluation of cybersecurity risks associated with End-of-Life technologies across the bank and apply a new cyber risk methodology to assign risk ratingsvii. You will identify opportunities to reduce residual risk in obsolete systemsviii, and guide remediation efforts through to successful transition into BAU processesix. This position requires excellent leadership, communication, and stakeholder management to coordinate between technical teams and senior managementx.

Required Skills & Competencies:

Cyber Risk Expertise: Deep knowledge of cyber risk management practices, including risk assessment methodologies and frameworks (eg NIST CSF, ISO 27005, FAIR). Ability to identify, classify, and prioritize cybersecurity risks in a large enterprise environmentxviii.

Technical Understanding: Strong understanding of IT infrastructure and applications, especially the challenges posed by End-of-Life technologies (outdated operating systems, unsupported software, Legacy hardware). Capable of evaluating technical dependencies and security implications of obsolete systemsxix xx.

Analytical & Methodological Skills: Advanced analytical skills ("cyber analytics"xxi), including proficiency with risk analysis tools or GRC platforms for tracking risk items. Comfortable analysing data (eg asset inventories, vulnerability scan results) to quantify risk levels and support data-driven decision making.

Leadership & Coordination: Proven ability to lead a team or project in a cybersecurity context. Excellent organizational skills to manage multiple parallel workstreams (risk assessment phase, remediation phase, reporting, etc.), ensuring milestones are met on time.

Communication & Stakeholder Management: Exceptional communication skills, both written and verbal. Able to translate technical risk issues into business terms and present findings/recommendations to stakeholders at various levels2. Strong stakeholder management and negotiation skills to drive consensus on remediation priorities and resource allocation.

Problem-Solving: Adept at solving complex problems and devising risk mitigation strategies. Can balance security requirements with operational practicalities, recommending solutions that reduce risk while enabling business objectives.

Adaptability: Flexibility to work with both onshore and offshore teams. If offshore, willingness to align part of your working hours to UK business hours for effective collaboration3 4.

Qualifications & Certifications:

Certifications: Industry-recognized certifications in cybersecurity/risk are highly desirable. Examples include CISSP, CISM (information security management), and especially CRISC (Certified in Risk and Information Systems Control) or CISA for IT risk control. These certifications demonstrate a solid foundation in managing enterprise IT risks and controls.

Framework Knowledge: Familiarity with relevant security standards and regulations. Knowledge of ISO 27001 information security management and risk assessment standards, NIST cybersecurity framework, and banking industry regulations or guidelines for operational risk/cyber risk is beneficial.

Other: Any certifications in cloud security or technical areas are a bonus if EOL systems span on-prem and cloud (eg AWS/Azure security certifications), as well as project management certifications (eg PRINCE2, PMP) which can aid in managing the engagement.

Experience:

Years of Experience: Approximately 8-10+ years of experience in cybersecurity, with a significant portion in cyber risk management or security consulting roles. Prior experience leading risk assessment projects or large-scale security consulting engagements is expected.

Domain Experience: Demonstrated experience in conducting risk assessments, security audits, or vulnerability management in complex IT environments. Experience should include evaluating technology life cycle issues, such as dealing with outdated systems or large-scale remediation programs, ideally within a financial services or highly-regulated industry.

Project Leadership: Past roles should reflect the ability to manage or coordinate security projects and to work cross-functionally (eg, working with IT infrastructure teams, application owners, and governance/Risk functions). Evidence of successfully driving risk remediation initiatives or advising on risk treatment plans is important.

Please send latest CV

LA International is an award-winning partner of choice for many of the world's most influential companies and government organisations. Holding Enhanced Government Security Accreditation, we are recognised as the European market leader in the delivery of Security Cleared talent to organisations that demand the very highest levels of security, compliance and assurance.

A multiple award-winning organisation, having secured the prestigious Queens Award for Enterprise: International Trade over consecutive years. We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.

Please Note: If a high volume of applications is received, only candidates shortlisted will be contacted.