[Hiring] Cyber Security Analyst - Governance, Risk and Culture (GRC) @Baringa

Role Description

Baringa’s TeCy Group (Technology & Cyber) is a global function supporting the firm as it enters new markets. We’re on a mission to develop great technology products and deliver great services. We’re working on sustainability, committed to Net Zero in our supply-chain and services. We are embarking upon and will be the driving force behind a new 3-Year digital strategy for the firm.

We are currently looking for a Cyber Security Analyst to join our Governance, Risk and Culture (GRC) capability within the wider Cyber Security Team, where you will play a key role in strengthening the firm’s security posture, ensuring compliance, and embedding a cyber-conscious culture across the organisation. The role contributes to the delivery of governance, risk management and assurance activities, including:

• Supplier due diligence
• Audit responses
• Development and maintenance of security policies, standards and controls

You will be a key member of a growing team in a dynamic, consulting-led environment, working closely with technical, IT and business stakeholders to identify and manage cyber risks and align security strategy with business priorities.

What will you be doing?

• Develop a complete understanding of Baringa’s technology and information systems.
• Lead in the response to RFPs/audits, including supplier security due diligence and third-party audit and assurance activities.
• Identify and communicate current and emerging security threats and cyber risks.
• Support a program of awareness-raising and training to deliver compliance and to foster a cyber-conscious culture across the company.
• Assist with the definition, implementation and maintenance of corporate security policies, standards and procedures.
• Provide ‘hands on’ assistance, particularly in technical control implementation and incident response.
• Coordinate the needs of in-house IT experts and remote employees, vendors and contractors.
• Work as part of a team to communicate ideas, suggestions and solutions that achieve the firm’s long-term objectives, especially the GRC Strategy.
• Align organisational security strategy and infrastructure with overall business and information technology strategy.
• Manage company compliance with information security, policies, standards, contractual obligations and guidance through business managers and champions providing advice, support and guidance on risk-based good practice.
• Lead on and produce technical security MI in support of governance and vulnerability management engagements.
• Support client engagement leads on client queries and requests regarding Baringa’s information technology security policies and processes.

Qualifications

• Experience in full-time operational Cyber Security GRC, or Cyber Security role.
• Experience of compliance requirements for cloud technologies stacks such as Microsoft and AWS.
• Experience utilising emerging technologies, such as AI, to design and implement security solutions.
• Thorough understanding of relevant industry security standards and protocols including ISO27001, NIST, NSCS CAF, SOC, NIS 2 Directive and NCSC Cloud Security Principles.
• Background of consulting and engineering the design and development of security best practices.
• Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems.
• Assist in risk assessment procedures, policy formation, role-based authorisation methodologies, authentication technologies and security attack pathologies.
• Growth mentality with excellent problem-solving skills.
• A self-motivated individual with a “can do” attitude.
• An excellent communicator who can help develop good Cyber practices.
• Strong leadership, stakeholder management, and project/team-building skills.

Benefits

• Generous Annual Leave Policy: 5 weeks of annual leave, fully available at the start of each year, plus an additional 2 weeks of paid leave after 5 years continuous service.
• Flexible Working: Hybrid working policy with flexibility around taking unpaid leave.
• Corporate Responsibility Days: 3 days per year to help social and environmental causes.
• Wellbeing Fund: Annual People Fund to support and manage wellbeing through an activity of choice.
• Profit Share Scheme: All employees participate in the Baringa Group Profit Share Scheme.