Security Risk Analyst

We are looking for a Security Risk Analyst with 2 years of experience to help identify, assess, and manage information security risks across our organization.In this role, he/she will work closely with IT, security, and business teams to evaluate threats, review controls, and support risk‑based decision‑making that keeps our systems, data, and customers safe.

Conduct security risk assessments on applications, infrastructure, vendors, and business processes.Identify threats, vulnerabilities, and control gaps, and document associated risks and impacts.Contribute to risk registers, ensuring risks are clearly described, rated, and tracked.Review and evaluate the effectiveness of existing security controls and recommend improvements.Support compliance efforts with relevant standards/regulations (e.g., ISO 27001, NIST, SOC 2, PCI-DSS, GDPR, etc. as applicable).Support the development, review, and maintenance of security policies, standards, and procedures.Document risk assessment results, remediation plans, and status updates in a structured, clear way.Maintain up-to-date security and risk documentation (e.g., risk registers, asset inventories, vendor assessments).Prepare reports, dashboards, and presentations summarising security risks and remediation status.Communicate risk findings and recommendations in business-friendly language.Work with business owners to define risk treatment plans and timelines.

Bachelor’s degree in information security, Computer Science, IT, Risk Management, or a related field (or equivalent practical experience).2 years of experience

in information security, IT risk management, vendor management, or cyber security roles.Strong Understanding of OWASP Top 10Awareness of ISO 27001 controls and NIST Cyber security

FrameworkExperience performing risk assessments, security reviews, or internal/external audits.Familiarity with risk management concepts (likelihood/impact, inherent vs. residual risk, risk appetite).

Ability to analyse technical information, identify risks, and propose practical mitigation.Clear written and verbal communication with both technical and non‑technical stakeholders.Comfortable working with cross‑functional teams (IT, Security, Legal, Compliance, Business).Able to manage multiple tasks, assessments, and deadlines simultaneously.Proactive mindset: able to suggest realistic, risk-based solutions rather than just identifying issues.

CEH, CompTIA Security+, ECSA, or EC-Council cyber security certification.ISO 27001 Internal AuditorExperience with:GRC or risk management tools (e.g., Archer, Service Now GRC, One Trust, etc.)Cloud environments (AWS, Azure, GCP) and their security concepts.Working in regulated or high‑compliance environments (e.g., finance, healthcare, SaaS).We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses.

These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.Apply for this job