Information Security Risk Analyst



Improbable is growing it's information security team. Your mission is to support all teams across Defence meet business objectives in the most secure manner possible. You will help develop processes and manage security risks across three core domains for the Defence Unit - Cyber, Personnel and Physical. Due to the tailored security requirements of our customers, the team plays a key role in applying robust security controls for defined outputs and maintaining bespoke assurance requirements. 


Areas for Impact

    • Contribute and lead security risk assessments across security domains, projects, operational requirements and technical change initiatives. 
    • Pragmatically assess risks, ensure alignment with information security policies and risk management methodologies used within the information security management system (ISMS).
    • Develop and expand new metrics and KPI/KRIs to support risk management functions.
    • Communicate the security impact of technical decisions, the approach to risk mitigation and alignment to risk tolerance across to stakeholders across all levels of the business.
    • Participate in due diligence and on-going risk management of supply chain activities.
    • Review and interpret threat intelligence and provide risk advisory and tutorial services to wider Defence teams.
    • Work with stakeholders, both technical and non-technical, to enable a pragmatic approach to apply security best practice. Demonstrating understanding of industry frameworks and NCSC aligned security principles. 
    • Support the creation and maintenance of new security standards and procedures to aid staff security cultural improvements. Including supporting personnel and physical security processes associated with HMG handling requirements. 

We'd like to hear from you if you identify with the following:

    • You have a clear understanding of ISO27001 or NIST CSF. This will enable you to hit the ground running within our Information Security Management System (ISMS) and contribute towards on-going risk management improvements. 
    • You have knowledge and understanding of risk management principles, best practices and emerging toolkits. Including experience of accreditation requirements associated with Cyber Essentials and/or ISO27001. This will ensure you are able to deliver outputs to our required standards. 
    • You have experience of helping to resolve complex issues across technical and socio-technical risks. This will help your ability to identify and interpret likely issues associated with our business operations.
    • You look to maintain a good understanding of industry security trends and have experience of interpreting tailored threat intelligence. This will help your ability to explain concepts to others and interpret changes within the current threat landscape.
"Please note due to the nature of this role you will be expected to meet requirements associated with obtaining UK security vetting clearance"

About Us
Improbable is determined to foster an environment where people can do their best work and feel like they belong. We believe a healthy culture, strong values and contribution from a diverse range of individuals will help us to achieve success.
We do not discriminate based on race, ethnicity, gender, ancestry, national origin, religion, sex, sexual orientation, gender identity, age disability, veteran status, genetic information, marital status or any other legally protected status.
Life at Improbable
Diversity, inclusion & belonging
Apply for this job

Location: London

Date posted: 2022-01-20