Windsor, Greater London, United Kingdom
1 day ago


Type: Permanent
Position: Information Security Risk Analyst
Location: Windsor, England
Industry: IT


We are hiring! We have an amazing opportunity for a Cyber and Information Security Risk Analyst who will work closely with the Group CISO and wider Cyber team to facilitate interactions across IT and business units, ensuring that Information Security and Cyber risk are identified and appropriately managed to protect Centrica’s customers and its data, services and systems.

In this key role, you will influence the Cyber Security posture of Centrica and its affiliated business units. The IT Information Security and Cyber risk manager serves as the second line of defence for assuring Information Security and Cyber controls are implemented effectively, in accordance with the risk framework and for embedding a culture of Cyber Security risk management across Centrica.

The role will analyse existing risk mitigation strategies and Cyber controls, and communicate with the CIO and leadership team on the efficacy of these measures, suggesting ways and means of improving them. You will set the Cyber Security risk mitigation goals required by Centrica and report to senior management on the progress against them.

Location: Flexible

Package: Competitive base salary plus benefits including bonus, healthcare and pension options, as well as 25 days annual leave.

What kind of activities will you be doing?

  • Implement the Information Security risk framework and ensure timely assessment and treatment of security risks
  • Ensure Information Security risks are either treated or accepted in accordance with the risk appetite
  • Work with the IT teams to identify and assess Information Security risks including Cyber risks
  • Ensure periodic Information Security risk assessments of key services, third parties and regulatory commitments are performed, and remediation plans are monitored
  • Ensure services are assessed and classified based on their Confidentiality, Integrity and Availability
  • Use the output of Information Security risk assessments to identify control gaps and weaknesses and provide direction to strategy and change programs to improve control efficacy
  • Work with the business units to understand their key Information Security risks and agree the actions to mitigate or monitor them and improve their controls
  • Produce the quarterly IT Risk submission to the business units and work with Group level risk functions on Information Security risk
  • Inform senior leadership of risks and recommendations in non-technical terms, considering cost/benefit, to ensure security of Information Systems
  • Support Legal and Compliance teams, e.g. Data Protection and Privacy, with regard to Information Security risks
  • Understand the external security environment and emerging trends to support Information Security risk management

To be great in this role you will need to demonstrate the following skills and experiences:

  • Extensive knowledge of Cyber Security risk assessment methods, such as ISRAM, OCTAVE, etc.
  • Strong knowledge of Information Security technologies, such as identity and access management, encryption, and multi-factor authentication
  • Understanding of power utilities, retail energy, and oil & gas industry trends and emerging threats would be useful but not essential
  • Ability to draw upon external network to understand emerging Cyber Security threats and events
  • Knowledge of internal and/or external regulatory policies, standards, procedures and controls (e.g., CPNI, NIST, ISO27xx) and other working Cyber frameworks such as Kill Chain, MITRE ATT&CK, VERIS, etc.
  • Ability to drive technical consensus and facilitate agreements with challenging stakeholders
  • Ability to understand business visions and strategy, anticipate the associated risks from an Information Technology and Security perspective, and facilitate business objectives whilst quantifying and managing the Cyber Security risk exposure; being a trusted Information Security risk advisor to the business


  • Experience in a Cyber Security risk function would be ideal; extensive experience within 2nd or 3rd line
  • Performed Cyber Security risk assessments following an industry framework
  • Modelling of threat scenarios to identify Cyber Security threats arising from new or changing systems and applications
  • Facilitated workshops with senior stakeholders from diverse backgrounds to determine Cyber Security risks and assess their ratings
  • Experience of OT/IoT and Cloud Cyber Security threats, controls, and risks, though not essential
  • Produced communication material and reporting suitable for CxO level and senior leadership
  • Produced effective reporting for the CxO level and undertaken briefings with technology and business leaders
  • Administered Governance, Risk and Compliance tools and methods


  • CISSP, CISM or similar

Job Information

  • Job ID: 60196911
  • Location: Windsor, Greater London, United Kingdom
  • Position Title: Information Security Risk Analyst
  • Company Name: Centrica
  • Job Function: IT

Centrica is an international energy and services company focused on satisfying the changing needs of our customers. Our business is founded on a 200-year heritage of serving people. We supply energy and services to over 25 million customer accounts mainly in the UK, Ireland and North America through strong brands such as British Gas, supported by around 15,000 engineers and technicians. Technology is increasingly important in delivering energy and services to our customers. We aim to be a trusted corporate citizen and an emp...
