Cyber Security Analyst

Description:

Cyber Security Analyst - Governance, Risk and Culture (GRC)

Baringa’s TeCy Group (Technology & Cyber) is a global function supporting the firm as it enters new markets. We’re on a mission to develop great technology products and deliver great services. We’ve installed a new operating system for ourselves and rebooted what was a corporate IT department to an in-house technology company - transforming the way we work and opening the way to serve Baringa’s clients directly. We’re working on sustainability, committed to Net Zero in our supply-chain and services. We’re keeping our firm safe: protecting our data and our reputation. We are embarking upon and will be the driving force behind a new 3-Year digital strategy for the firm.

Yes, we’ve got a big job in the Baringa Technology & Cyber group.

So much to build on, so much to progress. So much to deliver. So much to play for! 

Do you know what though? We’re going to do it. All of it and more. We have the support to drive change. We have a diverse group of 90 amazing technology & cyber professionals. We have the belief. We are going to do great things.

Come and join us.

Overview

We are currently looking for a Cyber Security Analyst to join our Governance, Risk and Culture (GRC) capability within the wider Cyber Security Team, where you will play a key role in strengthening the firm’s security posture, ensuring compliance, and embedding a cyber-conscious culture across the organisation. The role contributes to the delivery of governance, risk management and assurance activities, including supplier due diligence, audit responses, and the development and maintenance of security policies, standards and controls.

You will be a key member of a growing team in a dynamic, consulting-led environment, working closely with technical, IT and business stakeholders to identify and manage cyber risks and align security strategy with business priorities. Baringa will support your development across GRC domains, offering exposure to evolving regulatory requirements, cloud technologies and emerging areas such as AI, with a wide range of opportunities to shape our approach and make a meaningful impact.

What will you be doing?

Develop a complete understanding of Baringa’s technology and information systems.
Lead in the response to RFPs/audits, including supplier security due diligence and third-party audit and assurance activities.
Identify and communicate current and emerging security threats and cyber risks.
Support a program of awareness-raising and training to deliver compliance and to foster a cyber conscious culture across the company.
Assist with the definition, implementation and maintenance of corporate security policies, standards and procedures.
Provide ‘hands on’ assistance, particularly in technical control implementation and incident response.
Coordinating the needs of in-house IT experts and remote employees, vendors and contractors.
Work as part of a team to communicate ideas, suggestions and solutions that achieve the firm’s long-term objectives, especially the GRC Strategy.
Align organisational security strategy and infrastructure with overall business and information technology strategy.
Manage company compliance with information security, policies, standards, contractual obligations and guidance through business managers and champions providing advice, support and guidance on risk based good practice.
Lead on and produce technical security MI in support of governance and vulnerability management engagements.
Support client engagement leads on client queries and requests - during the business development process and during ongoing client engagement - regarding Baringa’s information technology security policies and processes.

What are we looking for?

We recruit individuals at all levels based on merit. Some of the key sills we are looking for:

Experience in full-time operational Cyber Security GRC, or Cyber Security role.
Experience of compliance requirements for cloud technologies stacks such as Microsoft and AWS .
Experience utilising emerging technologies, such as AI, to design and implement security solutions, monitoring and improving those solutions while working with a Cyber Security team.
Thorough understanding of relevant industry security standards and protocols including ISO27001, National Institute of Standards and Technology (NIST), NSCS CAF, SOC, NIS 2 Directive and NCSC Cloud Security Principles.
Background of consulting and engineering the design and development of security best practices, implementation of security measures, policies and processes to meet business goals, customer needs and regulatory requirements.
Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems, while seeking out vulnerabilities in IT infrastructures.
Assist in risk assessment procedures, policy formation, role-based authorisation methodologies, authentication technologies and security attack pathologies.
Growth mentality with excellent problem-solving skills, willing to assist in all areas of Cyber and to learn new technologies & processes.
A self-motivated individual with a “can do” attitude, who can work on their own initiative as well as part of a team.
An excellent communicator who can help develop good Cyber practices with an ability to interact with all levels within the company.
Strong leadership, stakeholder management, and project/team-building skills, including the ability to lead teams and drive initiatives in multiple departments.