Senior Information Security Risk Analyst

Management Level

Core Duties/Responsibilities

Risk Identification, Assessment and Analysis

• As a Senior Information Security Risk Analyst, you will lead and conduct comprehensive security risk assessments across EQ’s internal systems, infrastructure, cloud platforms, third-party services, applications, mobile environments, and networks. Your role will be pivotal in identifying and evaluating potential cybersecurity threats and vulnerabilities, ensuring robust risk mitigation strategies are in place to protect EQ’s data and systems. You will work cross-functionally with stakeholders to embed security best practices and ensure alignment with regulatory and organisational standards.
• Review cloud architecture, deployment models, and services to identify gaps against industry best practices (e.g., CIS Benchmarks, NIST, ISO 27001).
• Collaborate with DevOps and Cloud Engineering teams to advise on security controls and risk mitigation strategies in AWS, Azure.
• Lead the analysis and interpretation of security data from diverse sources—including technical assessments, penetration test reports, and code reviews—to identify systemic vulnerabilities, inform strategic risk decisions, and guide enterprise-level remediation efforts.
• Drive the development and strategic recommendation of risk mitigation initiatives, translating assessment findings into actionable improvements to security policies, enterprise controls, and technical architectures
• Maintain Risk records and Risk Acceptances regarding IT, Information or Cyber Security in the Company’s Risk Register/GRC tool.

Regulatory Requirements Identification

• Lead the interpretation and strategic integration of evolving cybersecurity regulations and standards (e.g., GDPR, NIST, ISO 27001, SOX, AI Act, DORA), in collaboration with Legal and Compliance, to ensure enterprise-wide alignment and risk-informed decision-making.
• Lead enterprise-level compliance assessments and cybersecurity gap analyses to evaluate EQ’s adherence to relevant regulations and frameworks. Embed these requirements into the broader Risk Management lifecycle, ensuring systematic enforcement across all new and evolving IT systems and applications

Third-Party Risk Management

• Conduct Risk Analysis of existing and new third-parties playing a significant role in the Company’s supply chain and with access to Company or customer data or the Company’s systems
• Track any significant risk issues arising to completion over agreed timescales.

Information Security Metrics & Reporting

• Oversee the aggregation and analysis of enterprise-wide risk data to identify emerging threats, and deliver strategic, data-driven insights and reports to Executive and senior leadership teams.

Stakeholder Engagement

• Engage with various developers and stakeholders across the business in selecting tailored security training on the training platform.
• Engage in knowledge sharing sessions on emerging threats and security risk trends.

Risk Method Development

• Lead the evolution and governance of the enterprise Security Risk Management Framework, collaborating across IT and security teams to embed effective technical controls (e.g. firewalls, encryption, MFA) and ensure policies, standards, and procedures align with best practice and regulatory requirements.
• Advise and enable secure software development by defining secure coding standards, guiding development teams, and integrating application security testing tools into the SDLC.

We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks.