Sr. Risk Analyst

BAT is evolving at pace into a global multi-category business.  We are on a mission to decrease the health impact of our industry 
To achieve our ambition, we are looking for colleagues who are ready to Be The Change. Come, join us on this journey!

JOB TITLE: Sr. Risk Analyst

FUNCTION: DBS

SUB FUNCTION:  Cyber Resilience Team

CITY & COUNTRY: Global – Warsaw, Poland

What are the key objectives and expectations from this role?  

We are seeking a highly skilled and experienced Sr. Risk Analyst to join our dynamic and growing team. The ideal candidate will be responsible for identifying, assessing, and managing cyber risks to protect our organization's information assets and ensure the confidentiality, integrity, and availability of our data. The Sr. Risk Analyst will work closely with various departments to develop and support the development and implementation of a robust risk management framework that aligns with the evolving digital landscape.

Direct impact of this role:

1. Develop and maintain strong relationships with the Enterprise Risk Management team and stakeholders from Regional and Central Functions.
2. Perform thorough risk assessments to identify, assess, and prioritize cyber risks related to business processes, emerging technologies, digital platforms, and cloud-based services.
3. Keep the organization's risk register up to date, ensuring timely tracking and mitigation of risks.
4. Create dashboards, reports, and presentations to provide leadership with clear insights into the organization's risk posture.
5. Continuously monitor and review the effectiveness of risk management strategies, proposing necessary adjustments as needed.

ACCOUNTABILITIES

• Risk Assessment: Conduct thorough assessments to identify, evaluate, and prioritize cyber risks related to business processes, emerging technologies, digital platforms, and cloud-based services.  
• Risk Register Management: Maintain and update the organization's cyber risk register to ensure timely tracking, monitoring, and mitigation of identified risks.  
• Risk Reporting and Insights: Develop dashboards, reports, and presentations to provide leadership with clear, actionable insights into the organization's cyber security risk posture.  
• Risk Mitigation Advisory: Provide expert advisory on strategies to mitigate identified cyber security risks
• Continuous Improvement and Automation: Facilitate ongoing improvement initiatives to enhance cyber risk management processes and their automation.
• Cross function collaboration: Build and maintain strong relationships with Regional and Central Function teams, including Enterprise Risk Management, to align risk management efforts across the organization.  
• Security Audits and Assessments: Support security audits to validate the effectiveness of cyber risk management processes and identify areas for improvement.
• Continuous Learning: Stay informed about the latest cybersecurity trends, threats, and best practices, incorporating them to strengthen the organization’s cybersecurity posture.  

• EXPERIENCE, SKILLS, KNOWLEDGE Risk Management Effectiveness: Continuously review and monitor the effectiveness of cyber risk management strategies, proposing adjustments as necessary to address evolving threats.

ESSENTIAL

Experience & Technical Skills Required

• 5+ years of experience in cybersecurity, risk management, IT assurance or related roles.
• Cybersecurity Fundamentals:
  • Strong knowledge of security frameworks and standards (e.g., NIST RMF, ISO 27001, FAIR, COBIT) 
  • Proficiency in using risk management tools and GRC platforms (e.g., ServiceNow IRM, RSA Archer).
  • Understanding of penetration testing and security validation processes.  
  • Understanding of secure cloud computing, emerging technologies, and digital platforms.  
• Compliance and Regulatory Knowledge:
  • Familiarity with cybersecurity regulations and standards such as GDPR, CCPA, PCI DSS, and SOX.
  • Ability to assess compliance requirements and incorporate them into risk management processes.  
• Adequate technical knowledge and skills enabling effective communication with IT Services, understanding risks and corresponding mitigations.

Functional / Leadership Skills Required

• Risk Communication: Proficient in conveying complex cyber risks in business-relevant terms to both technical and non-technical stakeholders.

• Project Management:
  • Strong organizational skills to manage multiple concurrent initiatives.  
  • Familiarity with project management methodologies to drive risk-related projects.
• Data Analytics and Visualization:
  • Ability to analyse and interpret complex data to assess risk and trends.  
  • Proficiency in creating dashboards and reports using tools like Power BI, or Excel.  
• Self-motivated and results focused; ability to strengthen the team and its mission.
• Attention to detail and ability to manage multiple priorities in a fast-paced environment.  

Education / Qualifications / Certifications Required

• Degree or equivalent in Cybersecurity, Information Technology, or a related field

BENEFICIAL

• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)

What we offer you?
•    We offer a market leading annual performance bonus (subject to eligibility)
•    Our range of benefits varies by country and includes diverse health plans, initiatives for work-life balance, transportation support, and a flexible holiday plan with additional incentives
•    Your journey with us isn't limited by boundaries; it's propelled by your aspirations. Join us at BAT and become a part of an environment that thrives on internal advancement, where your career progression isn't just a statement – it's a reality we're eager to build together. Seize the opportunity and own your development; your next chapter starts here.
•    You'll have access to online learning platforms and personalized growth programs to nurture your leadership skills
•    We prioritise continuous improvement within a transformative environment, preparing for ongoing changes

WHY JOIN BAT?
We’re one of the few companies named as a Global Top Employer by the Top Employers Institute – certified in offering excellent employee conditions.

At BAT, we champion collaboration, inclusion, and partnership as the bedrock of our values. We wish to foster an environment where every individual can thrive, irrespective of factors such as gender, sexual orientation, marital or civil partnership status, gender reassignment, race, religion or belief, colour, nationality, ethnic or national origin, disability, age, skills, experience, education, socio-economic and professional background, as well as diverse perspectives and thinking styles. We recognise that our strength lies in embracing talent from all walks of life, empowering us to develop our culture of inclusivity and better achieve our business objectives.

We view career breaks not as obstacles but as opportunities and encourage everyone, without hesitation, to apply. Through our Global Returners program, we provide support to professionals seeking to re-enter the workforce after an extended absence, be it for family care, parental leave, national service, sabbatical, or starting their own venture.
Come bring your difference and see what is possible for you at BAT. Learn more about our culture and our award winning employee experience here.

We take pride in being a Disability Confident Employer. If you need any reasonable adjustments or accommodations to be made during the recruitment process to support you performing at your best, please inform the recruitment partner who will be in touch should your profile be selected for the role you applied for. We are wholeheartedly committed to optimising your prospects of success by making suitable arrangements so that you may showcase your full potential.