Cyber Security Governance and Risk Management Associate
Role summary
Cyber Security Governance and Risk Management is the monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks.
Role expectations
At this role level, you will:
- Work within established security and risk management governance structures, usually under supervision to support, review and undertake straightforward risk management activities such as:
  - helping with the analysis and derivation of business-supporting security needs
  - undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities
- Have an understanding of the applicability of appropriate legislation and regulations
- Provide advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
- The scenarios will be straightforward, and the advice given will be proportionate and contextualised to the use case
- Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement
- Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team
- Support implementation of the monitoring roadmap to enhance monitoring in line with requirements, policies and standards to govern all activities and outputs
- Monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate
- Design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to:
  - detect malicious activity
  - ensure continuous improvement through dashboard monitoring or retrospective assessment
Accreditation skills
Accreditation level – Practitioner
For information on accreditation, see the UK Cyber Security Council – Standard of Professional Competence and Commitment: Cyber Security Governance and Risk Management
Learning pathway
Entry level
CompTIA IT Fundamentals
NIST Cyber Security Professional (NCSP)
Foundation Certificate Management of Risk (M_o_R) Foundation
QACSRM (Certified Security Risk Manager)
QACCGIAO (Certificate in Cyber Governance for Information Asset Owners)
Associate
CompTIA Security+
Certified ISO 27001 Practitioner
Management of Risk (M_o_R) Practitioner