
Cyber Security Risk Manager Associate

Role summary

Cyber Security Governance & Risk Management is the monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks

Role expectations

Typically, this role level may include the following responsibilities.

Work within established security and risk management governance structures, usually under supervision to support, review and undertake straightforward risk management activities such as:

  • helping with the analysis and derivation of business-supporting security needs
  • undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities

Have an understanding of the applicability of appropriate legislation and regulations

Provide advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate. The scenarios will be straightforward, and the advice given will be proportionate and contextualised to the use case

Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement

Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team

Support implementation of the monitoring roadmap to enhance monitoring in line with requirements, policies and standards to govern all activities and outputs

Monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate

Design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to:

  • detect malicious activity
  • ensure continuous improvement through dashboard monitoring or retrospective assessment

Entry route and progression

Internal

Suitable for an individual from a role within the Government Security Profession or those with a clear interest and aptitude for technology and security risk management

External

Suitable for an individual who has worked in a Cyber Security risk management role in industry. More junior roles will be suitable for those with a clear interest and aptitude for technology and security risk management

Progression

At Associate and Lead you may consider the next level within this role family. You may also consider other Cyber roles, for example Chief Security Officer, CISO or Security Adviser.

Accreditation

For further information on practitioner level, see Standard of Professional Competence and Commitment: Cyber Security Governance and Risk Management

Learning pathway

Core

CompTIA IT Fundamentals
NIST Cyber Security Professional (NCSP) Foundation Certificate
Management of Risk (M_o_R) Foundation / Practitioner
QACSRM (Certified Security Risk Manager)
QACCGIAO (Certificate in Cyber Governance for Information Asset Owners)
CompTIA Security+
Certified ISO 27001 Practitioner

Recommended

Additional
