Support the identification, assessment, and documentation of cyber risks across technology and business domains.

Maintain accurate and up‑to‑date cyber risk records, including risk statements, impact assessments, controls, and remediation plans.

Work with Designated Risk Owners to ensure risks are clearly articulated in business‑relevant terms and appropriately owned.

Track risk treatment activities, issues, and remediation progress, highlighting delays or concerns for escalation.

Contribute to cyber risk reporting and dashboards to support management and senior stakeholder visibility.

Promote a pragmatic, risk‑based approach to cybersecurity decision‑making across technology initiatives and operational activities.

Support the execution of the third‑party cyber risk management (TPRM) process in line with business criticality and risk appetite.

Perform supplier cyber risk assessments and reviews, working with Procurement, Legal, and Technology stakeholders.

Track third‑party remediation actions, risk acceptances, and reassessments through to closure.

Support material supplier risk discussions by preparing risk summaries, evidence reviews, and decision documentation.

Maintain accurate third‑party risk data to support reporting, metrics, and audit or assurance activities.

Partner with Technology, Data Privacy, Procurement, and Risk Owners to gather information and support risk assessments.

Act as a point of contact for cyber risk and third‑party risk queries within defined areas of responsibility.

Escalate emerging risks, issues, or blockers to the Team Manager with clear analysis and recommended next steps.

Contribute to a positive risk culture by supporting constructive, solution‑focused conversations.

Follow and consistently apply Cyber GRC frameworks, standards, and processes.

Use GRC tooling effectively to manage risk workflows, evidence, and reporting.

Identify opportunities to simplify risk documentation, improve data quality, or streamline processes.

Support audits, assessments, and regulatory or assurance activities by providing accurate risk evidence and analysis.

Experience in cybersecurity risk management, third‑party risk, IT risk, or GRC within a complex organisation.

Working knowledge of cyber risk frameworks such as ISO 27001, NIST CSF, or SOC2.

Strong analytical skills, with the ability to assess risk scenarios and control effectiveness.

Ability to communicate risk clearly and concisely in written and verbal form.

Strong attention to detail and ability to manage multiple tasks and priorities.

Comfortable working with stakeholders across technical and non‑technical teams.

Professional certifications or progress toward certifications desirable (e.g. CRISC, CISM, CISSP, CISA).

Cyber risks are accurately identified, documented, and tracked through to resolution or acceptance.

Risk data is complete, consistent, and reliable, supporting meaningful reporting and decision‑making.

Third‑party cyber risks are assessed proportionately and managed without creating unexpected exposure.

Stakeholders experience Cyber GRC as a helpful, pragmatic partner rather than a compliance hurdle.

The Cyber GRC team operates efficiently with clear visibility of risk posture and priorities.

Opportunity to develop deep expertise in cyber risk and third‑party risk management.

Exposure to a wide range of technology, suppliers, and business stakeholders.

Clear development pathway within a maturing Cyber GRC capability.

Supportive environment with strong focus on learning, growth, and professional development.