The Security Business Analyst will be an interface between technology teams, support teams, and business partners to identify and define solutions to maximize the value delivered by an organization to its stakeholders.
Business Analysts work across all levels of an organization and participate in defining the goals and requirements for programs and projects or supporting continuous improvement in its technology and processes.
Determines the overall requirements gathering strategy and plans the requirements phase of the project
produce the Business Requirements Document.
Acts as the liaison among the stakeholders to elicit, analyze, document, communicate and validate business and system requirements using industry-leading practices within the business analyst profession.
Ensures all requirements are fulfilled by the technical design.
Produce/Reviews the test strategy & plans, test cases and test scripts ensuring traceability and documentation to meet all requirements and Project Management standards (PMS) and Systems Development Framework (SDF) guidelines.
Support the Project Manager to ensure delivery of Project Objectives (documented in PED) and Security Team governance, risk and compliance objectives Single point of contact for planning and drive the operations readiness to adopt the new solutions/deliverables and assessment activities
Produce and obtain signoffs for all the required project documentation to comply with PMS and SDF requirements.
Track multiple potential deficiencies as identified in assessments until resolution is sufficiently demonstrated
Successfully engage in multiple security governance adherence initiatives simultaneously
Perform subject matter expert role for audit and compliance requirements of the project.
Develop and deliver progress and remediation reports and presentations as directed by Security Team leadership
Promote a risk-aware culture, ensure efficient and effective risk and security management practices by adhering to required standards and processes
Requirements
Minimum five years of governance; Risk and compliance related work, preferably for cloud IT or Cyber security-related operations/projects.
Experience with Business Operations (Security Operations Centre preferred) and Process documentation and requirements gathering
Experience working both independently and, in a team, oriented, collaborative environment
Recognize complex problems, analyze situations and provide suggested/implemented resolution(s)
Ability to interact professionally with a diverse group including executives, managers and subject matter experts
Ability to apply critical thinking to control and business risk interpretations on behalf of the Cyber Security Team and clearly articulate
Ability to understand concepts related to identifying and assessing cyber risks as applicable to controls frameworks
Flexibility to conform to shifting priorities through analytical and problem-solving capabilities
Prioritize work tasks, direct work efforts and facilitate deficiency closures
Exhibit excellent written and oral communications skills and professionalism
Understand and work effectively in a complex, matrixed environment
Proficient in MS Office products 4 years college is minimally required
Bachelor’s Degree in business, Computer Science, Engineering, or related field is preferred
Industry recognized audit and assessment certification is preferred (e.g. CISA, CRISC, QSA, etc.) and Business Analysts certification.
Industry recognized network or cyber security certification is preferred (e.g. CISSP, CISM, SANS, etc.)