Cyber Security Governance Analyst

Role Requirements

Governance, Policy & Framework Support

• Support the maintenance and continuous improvement of information security policies, procedures, standards, and supporting documentation.
• Assist with embedding security governance requirements into ICT and business processes, ensuring alignment with organisational objectives.
• Support security frameworks (e.g. ISO 27001, ISO 27701, NIST or equivalent) by maintaining documentation, registers, and evidence.
• Track and report on actions arising from governance forums, audits, and reviews.

Role Requirement 2

Risk Management, Assurance & Compliance

• Support the delivery of cyber security risk assessments, including risk identification, documentation, and tracking of treatment actions.
• Maintain risk registers, action logs, and assurance artefacts in line with agreed risk management processes.
• Assist with control assurance activities, validating that controls are implemented and operating effectively, and gathering supporting evidence.
• Provide operational support for internal and external audits, including evidence collection, documentation review, coordination with stakeholders, and tracking audit findings through to closure.
• Support escalation and reporting of overdue or high‑risk issues to senior security and governance forums.

Role Requirement 3

Penetration Testing & Security Assessment Support

• Support the coordination and management of penetration testing and security assessments, including scoping, scheduling, and stakeholder engagement.
• Assist with validation, documentation, prioritisation, and risk contextualisation of findings.
• Track remediation actions arising from penetration tests and assessments, working with Security Operations, ICT teams, suppliers, and other stakeholders within the business.
• Support follow‑up testing and formal closure of findings.

Role Requirement 4

Operational Security Support & Cross

‑

Team Collaboration

• Provide cross‑cover for Security Operations activities when required, including assisting with incident response, evidence gathering, and reporting.
• Support vulnerability, patch, and control assurance activities by validating remediation status and providing governance oversight.
• Contribute governance and risk input during incidents, projects, and significant changes.
• Collaborate closely with Operations‑focused analysts to ensure alignment between control design, implementation, operation, and assurance.

Required Experience

• Minimum 1 year experience in cyber security, ICT governance, risk, compliance, audit, or a related ICT role.
• Understanding of information security governance concepts, including risk management, controls, and assurance.
• Understanding of networking fundamentals, operating systems (Windows/Linux), and security concepts.
• Awareness of security regulation, frameworks and standards such as NIS2, ISO 27001, NIST, or similar.
• Strong documentation, organisation, and attention‑to‑detail skills.
• Strong analytical and troubleshooting skills with the ability to prioritise operational security issues.
• Clear written and verbal communication skills, particularly when documenting incidents or explaining technical issues to non‑technical stakeholders.

Desirable

• Experience supporting security awareness or phishing simulation platforms.
• Exposure to public sector or regulated environments.
• Experience working with third‑party suppliers or managed security services.

Qualifications

• Relevant third level IT qualifications (e.g. Degree, Diploma) or equivalent technical certification is essential.

Desirable

• CompTIA Security+
• ISO27001 Lead Implementor/Auditor
• Microsoft SC or AZ Certifications
• ISC2/ISACA Certifications

CLICK THE APPLY BUTTON TO GO TO THEIR CAREERS PAGE WHERE YOU CAN CHECK THIS JOB AND ALL OTHER OPPORTUNITIES AVAILABLE