Cyber Risk Analyst
Unijobs, on behalf of our public sector client, have a requirement for a Cyber Risk and Governance Analyst to join their team. The duration of this post is 12 months initially with likely extensions thereafter. This role will be flexible/hybrid working; the successful candidate must be able to attend client sites as required.
Working 35 hours per week, the successful candidate will be employed as an agency employee and will be paid an hourly rate of €31.70 per hour based on an annualised salary of €57,898. You will accrue 30 days annual leave per year and paid Bank Holidays.
Principal Duties and Responsibilities:
- Support the Cyber Risk Lead in delivering core cyber risk management activities within the CISO Office.
- Support and undertake organisational cyber risk assessments, providing recommendations to mitigate identified cyber risks.
- Support the maintenance of cyber risk registers, ensuring risks are recorded, assessed, reviewed, updated and escalated in line with agreed governance processes.
- Maintain awareness of emerging regulatory trends, for example NIS2 and national policies, and assist in assessing their impact on cyber governance practices.
- Provide data analysis and reporting to support the development of the Cyber Risk Management function, including detailed weekly, monthly and quarterly data packs covering KPIs, KRIs and trends.
- Support the escalation of material cyber risks, overdue treatment actions and emerging risk trends through agreed governance routes.
- Track agreed cyber risk treatment plans, including mitigation actions, owners, due dates, dependencies and status updates, and escalate delays or blockers where required.
- Assist in preparing cyber risk reports, dashboards and briefing material for management, highlighting key risks, trends, overdue actions and areas requiring escalation.
Skills & Experience:
- A minimum of two years’ experience supporting or managing activities related to cyber or technology risk, compliance or audit, within an organisation, preferably (but not necessarily) for a Health Sector Organisation, and this must be clearly demonstrated in the submission.
- Experience of working in cyber security, risk management, audit or compliance in a complex or regulated environment. Experience of engaging with a wide range of stakeholders in supporting the identification, analysis, monitoring and reporting of cyber risks.
- Knowledge of cyber security regulations and frameworks including NIS and NIS2, NIST CSF and ISO 27001.
- Proven experience of developing dashboards and reports for key stakeholders.
Highly desirable:
- A relevant professional or third level qualification in cyber security, risk, regulatory compliance or a related discipline.
- Working knowledge of cyber security regulations and frameworks including NIS and NIS2, NIST CSF and ISO 27001.
- Experience using GRC or enterprise risk management tools to support cyber risk assessments, maintain risk registers, track treatment actions, monitor control effectiveness and produce risk reporting for stakeholders.
Professional knowledge and experience:
The successful candidate will demonstrate:
- Ability to understand and document risks, controls, risk treatment actions and reporting requirements using agreed frameworks and templates.
- Working knowledge of cyber security standards and frameworks such as NIS, CSF and ISO 27001 and willingness to deepen this knowledge.
- Knowledge of designing and building data reports to support the identification, collection and analysis of relevant data to support the Cyber Risk Function. This will include KPIs, KRIs and trend analysis.
- Strong written skills including preparation of reports, minutes and briefing material.
- Proficiency in Microsoft 365 tools including Word, Excel, PowerPoint and Outlook.
- Understanding of the cyber risk lifecycle, including identification, assessment, treatment, monitoring, review and closure.
- Understanding of risk appetite, risk tolerance, inherent risk, residual risk and control effectiveness, and how these concepts support cyber risk decision making.
- Collaboration with internal and technical teams to assess the effectiveness of cyber risk security measures.
- An ability to quickly build relationships with a diverse set of stakeholders to ensure timely reporting on cyber risk metrics.
- An ability to work pragmatically with business owners and technical teams to help drive solutions / outcomes in operational environments, while still maintaining appropriate governance oversight.
- Evidence of managing own work effectively and delegating appropriately, when necessary, within the resources available.
- An ability to analyse and evaluate information, considering a range of critical factors in making effective decisions.
- Recognising when it is appropriate to refer decisions to a higher level of management.
- A strong attention to detail and analytical mindset with the capacity to identify and prioritise key risks that may impact.
- Strong organisational skills with the ability to manage competing priorities and deliver work to agreed deadlines.
*This position may be subject to Garda Vetting and Foreign Police Clearance. If applicable, you will be required to obtain these prior to commencing in this role.*
Unijobs is an equal opportunities employer