Senior Risk Analyst

Role : Senior Risk Analyst

About the position :

The Senior Risk Analyst plays a key role in embedding cyber and IT risk management into technology delivery and operations. This role works closely with product teams, architects, engineering leaders, and security stakeholders to ensure risks are identified early, assessed pragmatically, and addressed without slowing business outcomes.

The position combines hands-on risk execution with strong stakeholder engagement, focusing on architecture risk assessments, security assurance, incident support, remediation tracking, and awareness enablement. The role is well-suited for a professional who can balance security rigour with delivery pragmatism in large, complex technology environments.

Key Responsibilities

• Perform cyber and IT risk assessments for applications and platforms, reviewing architectures, data flows, deployment models, and thirdparty integrations.
• Engage early with architects, engineers, and product teams to embed securebydesign and riskbased decisions into solution design.
• Support security incidents, risk exceptions, and remediation efforts, including business justification reviews and action tracking.
• Act as the primary risk contact for assigned technology or business areas, providing clear guidance and regular risk status updates.
• Deliver risk and security awareness sessions, process walkthroughs, and targeted enablement for technical and nontechnical stakeholders.
• Maintain risk metrics, dashboards, and tracking artefacts, and contribute to continuous improvement of risk processes and ways of working.

Required Experience & Qualifications

• Minimum 8+ years of experience in IT Risk Management, Cybersecurity, Information Security, or related domains.
• Practical experience conducting risk assessments, architecture/security reviews, and remediation tracking.
• Strong working knowledge of industry-standard frameworks (e.g. ISO 27001, NIST, CIS Controls, risk management frameworks).
• Experience working in large, complex IT or digital environments with multiple stakeholders.
• Relevant certifications such as CISA, CISSP, ISO 27001 Lead Implementer/Auditor (preferred or in progress).

Key Skills & Attributes

• Strong analytical and risk evaluation skills
• Ability to influence technical and business stakeholders without direct authority
• Strong communication skills, with the ability to confidently engage diverse stakeholders and convey risk in clear, businessrelevant terms.
• High ownership, accountability, and execution discipline
• Pragmatic mindset with the ability to balance risk, security, and delivery speed with business expectations in mind.