
Cyber and IT Risk

Foundations Executive Search

Staines-upon-Thames

Hybrid

GBP 62,000 - 79,000

Full time

Yesterday

Job summary

Join a prestigious organization as a Cyber and IT Risk Analyst, where you'll play a crucial role in shaping cyber risk practices. This position offers the chance to work on significant projects while collaborating with diverse stakeholders. You'll leverage established risk methodologies to drive security decisions and contribute to a critical cyber strategy. With a focus on professional growth and impactful work, this role is perfect for analytical professionals eager to make a difference in a complex technology environment.

Qualifications

  • Experience applying recognized cyber risk methodologies like NIST and ISO27005.
  • Strong documentation skills for managing detailed risk registers.

Responsibilities

  • Perform detailed cyber and IT risk analysis using recognized frameworks.
  • Collaborate with stakeholders to influence cyber risk assessments.

Skills

Cyber Risk Methodologies
Analytical Skills
Documentation Skills
Communication Skills
Stakeholder Engagement

Education

Relevant Certifications (CompTIA Security+, CEH, SSCP)

Tools

SureCloud
RiskLedger

Job description

Cyber and IT Risk Analyst

Location: Hybrid (c. 3–4 times per month in the Staines area)
Type: Full-time, Permanent
Salary: £62,000 – £79,000 per annum + Benefits

Foundations Executive Search is proud to be partnering with one of the UK’s most prestigious and recognised brands to support the appointment of a Cyber and IT Risk Analyst.

This is a fantastic opportunity for an analytical, detail-driven cyber risk professional to join a nationally critical organisation undergoing significant digital transformation. You'll be supporting enterprise-wide cyber risk decision-making at scale—helping to shape and mature security practices across a complex operational environment.

The Opportunity

As a Cyber and IT Risk Analyst, you will play a vital role in supporting the enterprise security team to assess, manage, and remediate cyber and IT risks. Working closely with a wide range of stakeholders, you’ll ensure that cyber risk is measured, tracked, and embedded within broader technology and business decision-making frameworks.

You’ll leverage risk methodologies such as NIST and ISO 27005 to deliver detailed qualitative and quantitative analysis, supporting effective security prioritisation and investment decisions.

Key Responsibilities
  • Perform detailed cyber and IT risk analysis using recognised frameworks (e.g. NIST, ISO27005)

  • Collaborate pragmatically with technical and business stakeholders to undertake cyber risk assessments and influence control decisions

  • Act as a subject matter expert and trusted advisor on cyber and IT risk management

  • Communicate risk findings clearly, tailoring insights for both technical and non-technical audiences

  • Manage, maintain, and report on the organisation’s Risk Log using platforms such as SureCloud and RiskLedger

  • Support the remediation of identified risks, aligned to the organisation’s cyber risk appetite and strategic objectives

  • Contribute to the ongoing delivery and implementation of the broader Cyber Strategy

  • Assist Cyber Assurance Leads with risk tracking, documentation, and reporting activities

About You

You’ll be a proactive, structured, and collaborative professional who brings strong analytical skills and the ability to work comfortably across complex technology environments. You’ll have the confidence to engage a variety of stakeholders, from technical experts to senior management, and the attention to detail required for effective risk governance.

Essential Experience and Skills
  • Demonstrable experience applying at least two recognised cyber and/or IT risk methodologies (e.g., NIST, ISO27005, FAIR, OCTAVE)

  • Experience managing cyber risk in complex, geographically distributed organisations

  • Strong documentation skills with the ability to manage and track detailed risk registers

  • Excellent communication skills with the ability to present complex technical issues in a clear and approachable way

  • Calm and methodical approach, able to prioritise effectively under pressure

Desirable Experience
  • Experience working in safety-critical, aviation, or critical infrastructure environments

  • Experience with risk management platforms such as SureCloud and RiskLedger

  • Working towards or holding relevant certifications such as CompTIA Security+, CEH, SSCP, or equivalent

Why Apply?

This is an exciting chance to build your career in cyber risk within one of the UK's most prestigious and highly respected organisations. With the opportunity to work across a wide range of strategic projects, and strong support for career development, this role offers excellent professional growth and long-term impact.
