
Senior Research Analyst – Cyber
Key responsibilities include:
- Project managing the research project process from initiation to completion,
- Conducting primary research with Members, e.g., interviews, online discussions, workshops and surveys,
- Conducting secondary (desktop) research to clarify information security business problems and identify potential responses,
- Synthesising and presenting complex data,
- Engaging directly with Members and a broad range of information security and risk management experts to develop and validate insights,
- Synthesising research data to develop relevant and practical methodologies, processes and solutions,
- Leading weekly or biweekly quality circle discussions with colleagues to develop insights and thought leadership,
- Ensuring high level of engagement with Members using the online collaboration platform,
- Reporting weekly to the project management office on the project status, budget and risks,
- Writing high quality research reports (varying in length up to 60 pages), executive summaries and product launch materials,
- Working with the my clients design and publications team to produce reports with compelling infographics and layout
- Creating complementary deliverables to core reports (e.g., case studies, assessment tools),
- Developing and delivering education and training on research topics, using webcasts, webinars and at industry events
As part of a collaborative delivery team, you will also be required to:
- Peer review research outputs relating to other research projects,
- Present at Chapter meetings (at various international cities around the globe),
- Assist with the development and maintenance of the catalogue of research and tools products, including the Information Risk Analysis Methodology 2 (IRAM2) and the Standard of Good Practice for Information Security (SoGP),
- Assist with account management of the Members around the world,
- Execute other duties that support the business objectives (such as sales support).
About the role
This is an outstanding opportunity for someone who is a prolific reader, creative thinker, and enjoys collaboratively writing and developing thought leadership. There is occasional travel, and considerable exposure to the 400 global member organisations.
Essential requirements:
The candidate must have practical research, information technology, information security or consulting experience and demonstrate knowledge, skills and credentials in five areas.
- Quantitative and qualitative data collection and synthesis
- Experience designing and conducting interviews, surveys and workshops to gather data
- Strong facilitation skills, able to lead large groups to develop and challenge ideas
- Experience analysing qualitative and quantitative data to identify key findings
- Ability to translate research findings into practical insights and recommendations
- Structuring and writing research reports
- Experience writing substantial reports with logical structure leading to a conclusion
- Exceptional logical reasoning skills and ability to structure arguments based on evidence
- Exceptional writing skills, able to present arguments in a clear and compelling manner
- Engagement with clients
- Experience engaging with senior managers and/or executives
- Strong verbal skills, with the ability to present complex ideas in a clear and simple way
- Experience working with or in large complex organisations
- Project management
- Self-starter with experience initiating projects and successfully delivering through to completion
- Tenacious, with the ability to identify and pursue solutions through to a successful conclusion – delivering to time, cost and quality,
- Experience identifying delivery risks and resolving issues
- Team working and collaboration
- Capable of taking initiative to solve problems with peers
- Experience leading delivery work in a multi-disciplinary team
Desirable requirements:
- Subject matter expertise in qualitative or quantitative research methods and techniques.
Subject matter expertise in Cyber Security (information security). - Knowledge of information risk management approaches (e.g., IRAM2).
- Knowledge of information security standards (e.g., ISO 27001, ISO 27005, ITIL, NIST Cyber Security Framework, PCI DSS and the Standard of Good Practice for Information Security)
- Operational experience in information technology (e.g., information risk assessment, information system architecture, IT security, systems development techniques, data or process modelling and threat modelling).
- Relevant security (e.g. CISSP, CISM, ITIL) or research accreditations (e.g. PhD, MBA)