Description:
About the Role
This is a key role in delivering cyber security activities that strengthen NPL’s security posture and manage security risk. The role is responsible for assisting with the day-to-day operations of security information systems, including preventing cyber-attacks, monitoring for security incidents, and responding to potential threats. It supports both technical and governance activities to meet the organisation's security objectives.
Key Responsibilities
- Support the development and implementation of cyber security processes and procedures to strengthen protection and resilience
- Evaluate risks associated with new technologies, suppliers, and projects in support of business delivery and third-party risk management
- Conduct vulnerability scans and assessments as part of vulnerability management; prioritise and collaborate with IT operations to remediate identified weaknesses in systems and applications
- Monitor and respond to cyber security event alerts, investigating and escalating incidents as required
- Contribute to assurance and compliance activities, including policy reviews, audits, and regulatory checks
- Support process improvement initiatives to enhance efficiency and effectiveness across cyber security people, process, and technology
- Assist with broader cyber security-related IT requests, including travel security requirements, software requisitions, and general queries
- Prepare detailed reports on security incidents, vulnerabilities, and trends to inform decision-making and continuous improvement
- Maintain security metrics and dashboards to measure performance and support reporting
- Maintain and update action trackers, ensuring accurate status reporting and timely follow-up on outstanding tasks
- Collaborate with internal teams and external partners to ensure alignment with security standards and best practices
- Take reasonable duty of care for the Health & Safety of themselves and of other persons who may be affected by their acts or omissions at work, and always follow direct instructions given with regard to Health & Safety.
About You
Core Skills (Essential)
- Experience in IT, engineering or cyber security (typically 2-3+ years), or equivalent practical experience in an operational environment.
- A curious and analytical mindset, with the ability to dig deeper to understand root causes, patterns, and underlying risks.
- Strong analytical skills, including the ability to interpret security data, identify trends, and draw meaningful conclusions.
- High attention to detail, with the ability to accurately document activities, findings, and outcomes.
- Understanding of cyber security risks, controls, and operational security practices, and how these can be applied pragmatically to enable the business.
- Ability to balance security requirements with business needs, taking a proportionate, risk‑based approach.
- Experience working collaboratively with IT teams and wider stakeholders to enable secure delivery.
- Ability to follow defined processes while constructively contributing to their improvement.
- Clear written and verbal communication skills, including explaining security issues in a business‑focused way.
- A delivery‑focused, pragmatic approach and willingness to learn and develop.
Additional Skills And Experience (Desirable)
Candidates may bring stronger experience in some of the areas below; however, all analysts are expected to contribute across both operational security and GRC activities as part of the role.
Operational Security Experience
- Exposure to working in or alongside a SOC or security operations function
- Familiarity with tools such as SIEM, endpoint protection, vulnerability scanning, or security monitoring platforms
- Experience handling or supporting cyber security incidents
Governance, Risk And Compliance Experience
- Experience supporting audits, assurance activities, or compliance exercises
- Experience assessing risk and documenting mitigating controls
- Awareness of cyber security standards or frameworks (e.g. ISO 27001, NIST, Cyber Essentials)
- Experience producing security metrics, dashboards, or management reporting