Cyber Risk Analyst

As a Cyber Risk Analyst, you will play a key role in DCMS’s intelligence-driven, risk-led approach to cyber security—working with experts and senior stakeholders to deliver assurance and assessments that enable agile, informed decisions while protecting the department from cyber threats.

In this high-profile and visible role, you will lead the cyber risk analysis of programmes—from major events to new IT services—engaging stakeholders across DCMS to support risk-based decisions that strengthen the department’s security posture.

You will independently undertake cyber risk management and assessment activities, operating within established governance frameworks. This includes analysing business needs, conducting tailored cyber security risk assessments, and ensuring compliance with relevant regulations and legislation.

In this role, you’ll provide clear, proportionate advice to stakeholders, helping them understand and address identified risks using appropriate security capabilities, standards, and guidance. Your input will enable risk and service owners to make informed, auditable decisions based on a strong understanding of cyber threats.

Person specification

The ideal candidate would have the following key skills and experience:

Essential Criteria:

Information Risk Assessment and Risk Management. Practitioner. Has a good understanding of an organisations business drivers and approach to assessing and managing cyber security risks in situations with a relatively well-defined scope. ( , Cyber Security Risk Manager)

Applied Security Capability. Practitioner. Deriving security requirements through threat analysis and interpreting organisational intentions to create meaningful security recommendations. Provide tailored security advice using established frameworks, balancing user and business needs, and ensures ongoing assurance and effective risk communication throughout the system life cycle. ( , Cyber Security Risk Manager)

Protective Security. Working. Applies concepts of protective security within the context of the other specialisms/enablers, and keeps knowledge up-to-date. Champions protective security within the wider security function, providing advice to others. ( ,  Cyber Security Risk Manager)

Threat Understanding. Working. Interpret and apply threat information to inform decision-making and planning. This ensures relevant threat insights are communicated to local stakeholders to guide security actions within the organisation. ( , Cyber Security Risk Manager)

Desirable skills:

• Excellent interpersonal skills, with the ability to work across organisational boundaries and cultures.
• Excellent communication skills, with the ability to clearly articulate, summarise and describe technical issues for non-technical audiences.
• Previous experience identifying, assessing and evaluating cyber security risks within a HMG environment.
• Experience in delivering briefings on security-related topics.

*We fully recognise that the requirements for our cyber roles are demanding and difficult to attain. We encourage candidates to apply, even if it is felt that not all the essential requirements are met. DCMS-Cyber are seeking candidates that demonstrate good values and a willingness to learn.

We are running an information session where prospective applicants can find out more about the role. This will be hosted by the Josh Ledsham , Lead Cyber risk Analyst, and will take place on:

• Tuesday 22 April, [12:30 pm - 13:00 pm]

The session will be an opportunity to hear more about the role, the team and wider directorate and the department. It will also be an opportunity for you to ask any questions.

Please register for this through our advert post latest by 23:00 pm on Monday 21 April and you will be sent an invitation.

Please note that the session will not focus on the DCMS recruitment process - please direct any queries that you have on this topic (timelines, reasonable adjustments, onboarding etc) to recruitment.team@dcms.gov.uk