Security Risk Analyst

Role Overview

Supports and strengthens Arqiva’s governance, risk, and compliance (GRC) capabilities by performing security risk assessments, supporting compliance activities, and helping ensure security policies and controls are effectively embedded across the organisation. Operates as an experienced, senior‑level analyst within the GRC function, providing guidance, conducting complex assessments, and contributing to the organisation’s overall security maturity.

We operate a flexible, hybrid working environment – requirement to travel to either our Winchester or London office up to twice a week.

• Competitive salary
• 10% bonus
• Work Life Smarter – our commitment to a flexible and hybrid working culture
• Generous pension scheme starting at 6% rising to 10%
• A unique wellbeing programme that looks after the whole you
• Access to multiple learning platforms to support your individual development
• Active and diverse networks that build community, support wellbeing and advocate for change
• A comprehensive set of benefits including discounts on big brands, gym flex memberships and paid volunteering leave

• Lead and perform security risk assessments for internal systems, business processes, and projects.
• Identify, document, and analyse risks, recommending suitable mitigation actions.
• Review and challenge risk findings raised by internal teams and auditors.
• Support remediation planning and track follow‑up activities with stakeholders.
• Conduct or support compliance checks, security assessments, and control testing.
• Ensure alignment with regulatory and standards-based requirements (e.g., GDPR, ISO 27001).
• Participate in internal and external audits by preparing evidence, coordinating responses, and ensuring remediation actions are completed.
• Contribute to the development, maintenance, and lifecycle management of security policies, standards, and procedures.
• Provide informed risk, governance, and compliance guidance to teams across the organisation.
• Ensure governance documentation remains accurate and aligned with evolving business needs.
• Identify opportunities to enhance risk management, governance processes, and compliance workflows.
• Support the rollout and adoption of GRC tools, frameworks, or methodologies.
• Integrate lessons learned from incidents, audits, and assessments into updated processes and documentation.
• Work closely with cross‑functional teams to support risk‑based decision making.
• Contribute to the design and delivery of security awareness and training materials.
• Act as a knowledgeable point of contact for GRC‑related queries.
• Support wider GRC activities as required, aligned to the E‑10 level of responsibility.

• Strong understanding of cyber security principles and practices.
• Good knowledge of risk management methods and the ability to assess and interpret security risks.
• Solid understanding of governance and compliance frameworks (e.g., ISO 27001, GDPR).
• Excellent analytical and problem‑solving skills.
• Able to communicate technical risk clearly to both technical and non‑technical audiences.
• Ability to work both independently and collaboratively across teams.
• Strong stakeholder and relationship‑management skills.

• Experience in cyber security, information security, governance, risk, or compliance.
• Good understanding of security standards and industry best practices.
• Experience contributing to audits, compliance checks, and risk assessments.
• Ability to apply governance and compliance requirements in a practical business context.

Degree or equivalent experience in Cyber Security, Information Systems, Computer Science, or similar. Certifications such as CISSP, CISM, or CRISC are beneficial but not essential.

Successful candidate will be required to successfully undergo UK Security Clearance and must be resident within the UK for at least five years.