Corporate Information Security Analyst

Overview:

We are looking for an individual to join Baringa’s Corporate Information Security Team, reporting to our Information Security Officer (ISO) and working with the wider IT team and the business to support InfoSec across Baringa.

The Information Security Analyst will be accountable for supporting Baringa’s information security requirements and for assisting with the provision of controls to manage information security risks. The new member will also be expected to assist the ISO in providing technical security guidance, design consultation, and documentation of the security aspects of Baringa’s services, as well as reviewing client contracts as needed.

Baringa is an independent business and technology consultancy. We help businesses run more effectively, navigate industry shifts and reach new markets. We use our industry insights, ideas and pragmatism to help each client improve their business. Collaboration is central to our strategy and culture, ensuring we attract the brightest and the best. And it’s why clients love working with us.

Within Baringa, our Corporate Team provides capabilities and services across HR, Technology, Business Management & Change and Finance, all of which contribute directly to the firm’s ability to deliver strategic and business goals. The scale and complexity of the business have increased dramatically in recent years, in light of which we are now making new investments in the leadership and capability of the Corporate Team to ensure our ongoing success through the growth and expansion to come.

What will you be doing?

"Document it or it didn't happen"

  • Review, maintain, and optimise the information security management system (ISMS), policies and registers

"There's no advancement of business without risk"

  • Perform audits and risk assessments for the identification, prioritisation, and mitigation of information security risks

"Security is only as secure as the weakest link"

  • Provide commercial bid support as a subject matter expert in information security, by reviewing and defining security clauses in contractual agreements with clients and suppliers
  • Perform risk assessments of outsourced activities and liaise with external suppliers to ensure appropriate security levels

"Security is a people's problem"

  • Create and deliver information security awareness material & activities
  • Educate employees about the benefits of information security, security policies & practices, and monitor effectiveness
  • Enforce and oversee security compliance throughout the company

"Because breaches happen"

  • Work closely with our Managed Security Service Provider to improve the company monitoring, logging, and alerting regime
  • Act as the first point of contact for security incidents, providing timely responses, coordination, and communication throughout all stages
  • Perform hands-on investigations to analyse incidents, identify suspicious behaviour, gather evidence, and build on lessons learned to prevent their recurrence

"The most secure technology is one your users actually want to use"

  • Provide ‘hands on’ expertise where called for, particularly in system audits but also in technical control implementation or administration where needed
  • Perform vulnerability scans and analysis, and prioritise identified weaknesses, working with the IT Team to remediate them

"Stay secure even during adverse times"

  • Assist with the business impact analysis process and the creation of response plans, including coordination, execution and testing
  • Perform post-incident review of the recovery plans

"Change is the only constant"

  • Research and implement new security technologies to better protect company information and assets
  • Work as part of a team to communicate ideas, suggestions and solutions that achieve the firm’s long-term objectives

What’s in it for both of us?

So, what are we looking for?
 
We recruit individuals at all levels based on merit. If you’ve got the skills we are after we would love to talk to you.

Here are a few of our key requirements:

Mandatory

  • Minimum 3 years of experience in a full-time information security role
  • Demonstrated experience and skills in planning, implementing, and maintaining an ISO 27001-compliant ISMS
  • Hands-on experience with security technologies such as: Security Information and Event Management systems (SIEM), vulnerability scanners, Intrusion Detection Systems (IDS), firewalls, web and email filtering, endpoint protection, mobile device management (MDM)
  • Hacker mentality with excellent problem-solving skills, willing to assist in all areas of InfoSec and to learn new technologies & processes
  • A self-motivated individual with a “can do” attitude, who can work on their own initiative as well as part of a team
  • An excellent communicator who can help develop good InfoSec practices with an ability to interact with all levels within the company

Desired

  • Technical background with experience in Risk Management and Compliance
  • Information security certifications a plus (Lead Auditor/Implementer preferred)
  • Coding or scripting skills a plus (e.g. PowerShell, Python, etc.)
 
What's in it for you?
 
Well, it’s up to you. Baringa is what you make it...
  • Promotion is based on your own performance, and we give you every opportunity to progress by having four promotional reviews a year
  • We invest in you, to ensure you remain the best in the business
  • We believe we are a great place to work – but it’s not just us that says that. We have been ranked first as the Best Workplace in Large Workplaces for businesses with 500+ employees in the UK