Cyber Security Analyst - Governance, Risk and Culture (GRC)

About Baringa 

Baringa is a global consulting firm that partners with leaders to drive change and create value. With deep industry expertise, and enabled by advanced technology, the firm helps clients to deliver with greater confidence and certainty. With over 2,000 people across the UK, Europe, North America, Asia and Australia, the firm combines global insight with local understanding.

The firm works across energy and resources, financial services, government and public sector, consumer products and retail, pharmaceuticals and life sciences, manufacturing, and technology, media and telecoms, with capabilities spanning strategy, transformation and operational excellence – all powered by advanced technology, data, AI and digital innovation.

Clients value Baringa’s collaborative approach and the way its teams integrate seamlessly – all working with a shared understanding of what matters most. The firm is known for its kind, curious experts who listen closely and care deeply about client success as they help clients transform energy markets, modernise financial platforms, expand telecoms and digital networks through advanced data analytics, enable digital services in government, and unlock growth in consumer sectors.

Certified as a Great Place to Work around the world, Baringa has been recognised by the Financial Times in 22 categories of its UK Leading Management Consultants rankings, and by Forbes for four consecutive years as one of the World’s Best Management Consulting Firms.

Cyber Security Analyst - Governance, Risk and Culture (GRC)

Baringa’s TeCy Group (Technology & Cyber) is a global function supporting the firm as it enters new markets. We’re on a mission to develop great technology products and deliver great services. We’ve installed a new operating system for ourselves and rebooted what was a corporate IT department to an in-house technology company - transforming the way we work and opening the way to serve Baringa’s clients directly. We’re working on sustainability, committed to Net Zero in our supply-chain and services. We’re keeping our firm safe: protecting our data and our reputation. We are embarking upon and will be the driving force behind a new 3-Year digital strategy for the firm. 

Yes, we’ve got a big job in the Baringa Technology & Cyber group.

So much to build on, so much to progress. So much to deliver. So much to play for! 

Do you know what though? We’re going to do it. All of it and more. We have the support to drive change. We have a diverse group of 90 amazing technology & cyber professionals. We have the belief. We are going to do great things.

Come and join us.

Overview

We are currently looking for a Cyber Security Analyst to join our Governance, Risk and Culture (GRC) capability within the wider Cyber Security Team, where you will play a key role in strengthening the firm’s security posture, ensuring compliance, and embedding a cyber-conscious culture across the organisation. The role contributes to the delivery of governance, risk management and assurance activities, including supplier due diligence, audit responses, and the development and maintenance of security policies, standards and controls.

You will be a key member of a growing team in a dynamic, consulting-led environment, working closely with technical, IT and business stakeholders to identify and manage cyber risks and align security strategy with business priorities. Baringa will support your development across GRC domains, offering exposure to evolving regulatory requirements, cloud technologies and emerging areas such as AI, with a wide range of opportunities to shape our approach and make a meaningful impact.

What will you be doing?

• Develop a complete understanding of Baringa’s technology and information systems.
• Lead in the response to RFPs/audits, including supplier security due diligence and third-party audit and assurance activities.
• Identify and communicate current and emerging security threats and cyber risks.
• Support a program of awareness-raising and training to deliver compliance and to foster a cyber conscious culture across the company.
• Assist with the definition, implementation and maintenance of corporate security policies, standards and procedures.
• Provide ‘hands on’ assistance, particularly in technical control implementation and incident response.
• Coordinating the needs of in-house IT experts and remote employees, vendors and contractors.
• Work as part of a team to communicate ideas, suggestions and solutions that achieve the firm’s long-term objectives, especially the GRC Strategy.
• Align organisational security strategy and infrastructure with overall business and information technology strategy.
• Manage company compliance with information security, policies, standards, contractual obligations and guidance through business managers and champions providing advice, support and guidance on risk based good practice.
• Lead on and produce technical security MI in support of governance and vulnerability management engagements.
• Support client engagement leads on client queries and requests - during the business development process and during ongoing client engagement - regarding Baringa’s information technology security policies and processes.

What are we looking for?

We recruit individuals at all levels based on merit. Some of the key sills we are looking for:

• Experience in full-time operational Cyber Security GRC, or Cyber Security role.
• Experience of compliance requirements for cloud technologies stacks such as Microsoft and AWS .
• Experience utilising emerging technologies, such as AI, to design and implement security solutions, monitoring and improving those solutions while working with a Cyber Security team.
• Thorough understanding of relevant industry security standards and protocols including ISO27001, National Institute of Standards and Technology (NIST), NSCS CAF, SOC, NIS 2 Directive and NCSC Cloud Security Principles.
• Background of consulting and engineering the design and development of security best practices, implementation of security measures, policies and processes to meet business goals, customer needs and regulatory requirements.
• Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems, while seeking out vulnerabilities in IT infrastructures.
• Assist in risk assessment procedures, policy formation, role-based authorisation methodologies, authentication technologies and security attack pathologies.
• Growth mentality with excellent problem-solving skills, willing to assist in all areas of Cyber and to learn new technologies & processes.
• A self-motivated individual with a “can do” attitude, who can work on their own initiative as well as part of a team.
• An excellent communicator who can help develop good Cyber practices with an ability to interact with all levels within the company.
• Strong leadership, stakeholder management, and project/team-building skills, including the ability to lead teams and drive initiatives in multiple departments.

What a career at Baringa will give you 

Putting People First.

Baringa is a People First company and wellbeing is at the forefront of our culture. We recognise the importance of work-life balance and flexible working and provide our staff amazing benefits. Some of these benefits include: 

• Generous Annual Leave Policy: We recognise everyone needs a well-deserved break. We provide our employees with 5 weeks of annual leave, fully available at the start of each year. In addition to this, we have introduced our 5-Year Recharge benefit which allows all employees an additional 2 weeks of paid leave after 5 years continuous service. 

• Flexible Working: We know that the ‘ideal’ work-life balance will vary from person to person and change at different stages of our working lives. To accommodate this, we have implemented a hybrid working policy and introduced more flexibility around taking unpaid leave. 

• Corporate Responsibility Days: Our world is important to us, so all our employees get 3 every year to help social and environmental causes and increase our impact on the communities that mean the most to us. 

• Wellbeing Fund: We want to encourage all employees to take charge and prioritise their own wellbeing. We’ve introduced our annual People Fund to support this by offering every individual a fund to support and manage their wellbeing through an activity of their choice. 

• Profit Share Scheme: All employees participate in the Baringa Group Profit Share Scheme so everyone has a stake in the company’s success. 

Diversity and Inclusion

We are proud to be an Equal Opportunity Employer. We believe that creating an environment where everyone feels a sense of belonging is central to our culture and that diversity is paramount to driving creativity, innovation, and value for our clients and for our people. 

An award-winning workplace

You can be a part of our ‘Great Place to Work’ – with our commitment to women and well-being in the workplace for all. Click here to see some of our recent awards and how we’ve achieved this. 

Using business as a force for good. 

We maintain high standards of environmental performance and transparency, which can be seen through our commitment to Net Zero with our SBTI-verified Scope 1, 2 and 3 emissions reduction targets and our support of the Better Business Act. We report our progress publicly and ensure that we are also externally assessed and scored through organisations like CDP and EcoVadis - helping us to continually identify where we can improve. 

We have a long legacy of supporting the communities in which we work, and offer a variety of ways to contribute, by putting people first and creating impact that lasts. Our Corporate Social Responsibility (CSR) agenda is about giving back to the communities in which we live and work by sharing our skills, talent and time. In essence, we aim to empower and encourage everyone in the firm to contribute to the things we care about, and support registered charities and organisations with a clear social or environmental purpose to increase the positive impact they can have.

Join us

All applications received will be reviewed by a member of our Talent Acquisition team. We never rely solely on automated screening or AI tools to make hiring decisions. Your application will be considered for employment without regard to race, ethnicity, religion, gender, gender identity or expression, sexual orientation, nationality, disability, age, faith or social background. We do not filter applications by university background and encourage those who have taken alternative educational and career paths to apply. We would like to actively encourage applications from those who identify with less represented and minority groups. We operate an inclusive recruitment process, ensuring reasonable adjustments where needed. Please contact a member of our Recruitment Team to discuss further.

Baringa Privacy Notices

For UK & EU

Your personal data will be retained by Baringa for up to two years, in accordance with our UK Recruitment Privacy Notice / EU Recruitment Privacy Notice, to evaluate your application and meet our legal and reporting obligations. In line with the General Data Protection Regulation (GDPR), you have the right to request access to, rectification, or erasure (subject to legal limitations) of your personal data. For more information, please contact us at privacy@baringa.com

For the USA

Your personal data may be retained by Baringa for up to two years, as outlined in our Recruitment Privacy Notice (AMER & APAC), to support the recruitment process and internal reporting requirements. Where applicable, and in accordance with relevant federal and state laws, you may have the right to request access to or correction of your personal information. For further details, please contact privacy@baringa.com

For Australia & Singapore

Your personal data will be retained by Baringa for up to two years, in accordance with our Recruitment Privacy Notice (AMER & APAC), to assess your application and meet applicable reporting and legal obligations. In line with the Australian Privacy Act and Singapore’s Personal Data Protection Act (PDPA), you may have rights to access, correct, or request limited deletion of your personal data. For more information, please contact us at privacy@baringa.com