Security Risk Analyst

Role Summary We are looking for a Security Risk Analyst with 2 years of experience to help identify, assess, and manage information security risks across our organization. In this role, he/she will work closely with IT, security, and business teams to evaluate threats, review controls, and support risk‑based decision‑making that keeps our systems, data, and customers safe.   Key Responsibilities Conduct security risk assessments on applications, infrastructure, vendors, and business processes. Identify threats, vulnerabilities, and control gaps, and document associated risks and impacts. Contribute to risk registers, ensuring risks are clearly described, rated, and tracked. Review and evaluate the effectiveness of existing security controls and recommend improvements. Support compliance efforts with relevant standards/regulations (e.g., ISO 27001, NIST, SOC 2, PCI-DSS, GDPR, etc. as applicable). Support the development, review, and maintenance of security policies, standards, and procedures. Document risk assessment results, remediation plans, and status updates in a structured, clear way. Maintain up-to-date security and risk documentation (e.g., risk registers, asset inventories, vendor assessments). Prepare reports, dashboards, and presentations summarising security risks and remediation status. Communicate risk findings and recommendations in business-friendly language. Work with business owners to define risk treatment plans and timelines.   Required Qualifications & Experience Bachelor’s degree in information security, Computer Science, IT, Risk Management, or a related field (or equivalent practical experience). 2 years of experience in information security, IT risk management, vendor management, or cyber security roles. Strong Understanding of OWASP Top 10 Awareness of ISO 27001 controls and NIST Cyber security Framework Experience performing risk assessments, security reviews, or internal/external audits. Familiarity with risk management concepts (likelihood/impact, inherent vs. residual risk, risk appetite).   Soft Skills Ability to analyse technical information, identify risks, and propose practical mitigation. Clear written and verbal communication with both technical and non‑technical stakeholders. Comfortable working with cross‑functional teams (IT, Security, Legal, Compliance, Business). Able to manage multiple tasks, assessments, and deadlines simultaneously. Proactive mindset: able to suggest realistic, risk-based solutions rather than just identifying issues.   Preferred Qualifications CEH, CompTIA Security+, ECSA, or EC-Council cyber security certification. ISO 27001 Internal Auditor Experience with: GRC or risk management tools (e.g., Archer, Service Now GRC, One Trust, etc.) Cloud environments (AWS, Azure, GCP) and their security concepts. Working in regulated or high‑compliance environments (e.g., finance, healthcare, SaaS).