Cyber Risk Analyst

As a Cyber Risk Analyst, you will play a key role in DCMS's intelligence-driven, risk-led approach to cyber security - working with experts and senior stakeholders to deliver assurance and assessments that enable agile, informed decisions while protecting the department from cyber threats.

In this high-profile and visible role, you will lead the cyber risk analysis of programmes - from major events to new IT services - engaging stakeholders across DCMS to support risk-based decisions that strengthen the department's security posture.

You will independently undertake cyber risk management and assessment activities, operating within established governance frameworks. This includes analysing business needs, conducting tailored cyber security risk assessments, and ensuring compliance with relevant regulations and legislation.

In this role, you'll provide clear, proportionate advice to stakeholders, helping them understand and address identified risks using appropriate security capabilities, standards, and guidance. Your input will enable risk and service owners to make informed, auditable decisions based on a strong understanding of cyber threats.

The ideal candidate would have the following key skills and experience:

• Information Risk Assessment and Risk Management. Practitioner. Has a good understanding of an organisation's business drivers and approach to assessing and managing cyber security risks in situations with a relatively well-defined scope. (GSP Career Framework, Cyber Security Risk Manager)
• Applied Security Capability. Practitioner. Deriving security requirements through threat analysis and interpreting organisational intentions to create meaningful security recommendations. Provide tailored security advice using established frameworks, balancing user and business needs, and ensures ongoing assurance and effective risk communication throughout the system life cycle. (GSP Career Framework, Cyber Security Risk Manager)
• Protective Security. Working. Applies concepts of protective security within the context of the other specialisms/enablers, and keeps knowledge up-to-date. Champions protective security within the wider security function, providing advice to others. (GSP Career Framework, Cyber Security Risk Manager)
• Threat Understanding. Working. Interpret and apply threat information to inform decision-making and planning. This ensures relevant threat insights are communicated to local stakeholders to guide security actions within the organisation. (GSP Career Framework, Cyber Security Risk Manager)

• Excellent interpersonal skills, with the ability to work across organisational boundaries and cultures.
• Excellent communication skills, with the ability to clearly articulate, summarise and describe technical issues for non-technical audiences.
• Previous experience identifying, assessing and evaluating cyber security risks within a HMG environment.
• Experience in delivering briefings on security-related topics.

We fully recognise that the requirements for our cyber roles are demanding and difficult to attain. We encourage candidates to apply, even if it is felt that not all the essential requirements are met. DCMS-Cyber are seeking candidates that demonstrate good values and a willingness to learn.

We'll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Communicating and Influencing
• Delivering at Pace

We are running an information session where prospective applicants can find out more about the role. This will be hosted by Josh Ledsham, Lead Cyber Risk Analyst, and will take place on:

• Tuesday 22 April, [12:30 pm - 13:00 pm]

The session will be an opportunity to hear more about the role, the team and wider directorate and the department. It will also be an opportunity for you to ask any questions.

Please register your interest by filling out this Registration form here by 23:00 pm on Monday 21 April and you will be sent an invitation.

Please note that the session will not focus on the DCMS recruitment process - please direct any queries that you have on this topic (timelines, reasonable adjustments, onboarding etc) to recruitment.team@dcms.gov.uk.