1 week ago

Security Risk Analyst Lead

Warwick 60K - 60K Permanent

Job Reference: BBBH62293_1713456418

As the lead Security Risk Analyst, you will drive the strategic direction for system-level risk identification, management, and review for one of the most critical networks - the Operational Technology Services Network (OTSN).
You will ensure that new and changed standards grow the cyber security maturity of the organisation, are proportionate to the risk (in line with the ET's risk appetite & the NIS Regulation) and are in line with security & resilience strategies.

Key accountabilities

  • Lead the creation, development, and management of the OTSN's risk assessment frameworks and principles to support the cyber security decision-making processes within ET.
  • Provide expert technical support for the risk assessment of vulnerabilities and deviations from the target state, including agreeing mitigating actions within agreed delegated authority.
  • Support the development of cyber security policies and specifications to reduce risk.
  • Improve organisational cyber security maturity and support compliance with the NIS Regulation for the OTSN by managing OTSN registers in line with risk appetite.
  • Support the business to understand cyber security requirements for OTSN through engagement with projects and design teams on OTSN risks.
  • Support the business to understand cyber security risks through appropriate reporting and communication of current risks and vulnerabilities.
  • Influence the security and resilience strategies to accelerate cyber security risk reduction.
  • Support the optimisation of OTSN management strategies in the long-term interests of consumers and the business.


Interpersonal, Supervisory or Management

  • Relevant experience in risk reporting, including leading teams of risk analysts and/or project management.
  • Strong data analytical skills and excellent written and communication skills with the ability to interface comfortably with senior stakeholders.
  • Strong investigation and problem-solving skills, demonstrating autonomy and initiative.
  • Proactive with the ability to work under tight deadline pressures across multiple workstreams.
  • Sound understanding and proven experience of IEC 62443, ISO27000, NIST CSF and audit processes.
  • Experience of introducing changes to specifications or policies that apply to a technical audience.
  • Extensive experience communicating difficult and standard issues associated with areas of expertise in a clear and concise manner both verbally & in writing.
  • Eager to develop your business and technical skills, you will be comfortable breaking new ground and changing the way the business makes decisions.



Technical or Specialist

  • Technical understanding of the LAN / WAN Networks and Operational Technology (OT).
  • Detailed understanding of how cyber security risks can manifest within networks, devices, and systems.
  • Understanding of asset management principles, including risk management, decision making, planning, asset lifecycle and asset data/information.
  • Experience of using and developing decision-making frameworks and tools, including economic assessments (NPV, CBA) and whole life asset assessments (WLV).
  • Familiarity with international standards related to cyber security, including IEC 62443 and IEC 62351.
  • Commensurate experience with O365, including Excel and preferably Power BI.
  • Experience with MITRE ATT&CK desirable, preferably MITRE ICS.