Job Description

Role Purpose

Working within the CISO department as part of the security engineering team, the BA will be working with internal and external stakeholders (both IT and non-IT areas). Accountable for managing key business stakeholders to define requirements for change initiatives aimed at improving processes and systems ensuring alignment to business benefits and assuring quality delivery & testing of these requirements as per business protection standards and technical specifications.

͏

The “Cyber Security Business Analyst” is responsible for

• Lead the facilitation of business workshops to elicit, challenge, develop and convert business, functional, and non-functional requirements into process/systems solutions considering IT and business drivers.

• Ensure all documented requirements are delivered in a clear, concise, and timely fashion, suitable for handover to the Project delivery teams including Solution Architects and Test Leads.

• Ensure that the requirements’ acceptance criteria, integrity and traceability is maintained throughout the project lifecycle working alongside both internal and external suppliers. • Qualification and quantification of business benefits relating to requirements for change and improved business processes, including impact assessment of change requests to scope and requirements.

• Ensure the quality & timeliness of the analysis, requirements, specifications & acceptance criteria produced with the security engineering function to guide the strategy around new security technology controls as well as with infrastructure engineering and application development programs and teams to advise on the security risks they need to address and the correct selection and implementation of controls.

• Work directly with multiple IT infrastructure and application development projects and teams to apply standard technical risk assessment methods to identify and prioritize risks for remediation

• Review architecture and design documents to help ensure the correct implementation of security technology controls

• Contribute to the development of improved risk assessment approaches

• Contribute to the systemization of the delivery of security advisory services

͏

Experience:

Knowledge of risk management concepts including risk assessment and risk treatment techniques and methodologies, including:

• Risk Assessment methods and frameworks (IRAM2, OCTAVE, NIST, ISO 27005 etc)

•Relevant experience in Business Analyst or relevant role

• Information Security Management System frameworks and standards and their application

• Compliance frameworks relevant to financials services including SOX, PCI DSS, SSAE16, etc)

• Good working knowledge of one or more security technologies and domains, including, but not limited to network security, cyber security, data security, identity and access management, application security & cloud security(SaaS,IaaS,PaaS)

• Experience in advising on or developing security architectures and designs for one or more security technology domains

• Security technologies (firewalls, WAFs, DLP, cryptography, vulnerability scanning, identity and access management, etc.)

• Delivering security changes to meet the CISO business needs. • Appreciation of different cyber threats such as malicious cyber-attacks, phishing, data theft, domain fronting, HTML smuggling etc.

• Good understanding of cyber security working in financial organisations.

• Good understanding of the need for tight data loss prevention controls to protect financial organisations from data theft and leakage etc

• Good understanding of networks, firewalls, proxies, traffic routing and management.

• A good understanding of risk and issue management.

• Basic cloud knowledge on any of cloud like AWS, Azure, GCP

͏

Skills Required:

• Proven business analysis, problem solving, issue tracking and resolution skills

• An in-depth understanding of cyber security and security operations concepts, tooling and practices

• Experience as Agile Business Analyst within a cyber security environment

• Good communication skills and the ability to capture requirements and express them in a clear and concise manner

• Ability to develop user flows and process diagrams and documentation

• An appreciation of threat intelligent techniques and the threat landscape for Financial Services organizations

• Created and published procedural and policy documentation and guidance

• Bridge the communications gap between the business users and security functions during process analysis.

• Bridge the communications gap between the CISO teams and cyber security tool providers during solution analysis.

• Impact assess security problems raised by CISO teams.

• Map current and target security operations model and processes.

• Gather business requirements to assist with finding appropriate solutions to cyber security problems.

• Facilitate ‘show and tell’ sessions with business users and/or CISO teams to demonstrate security solutions.

• Security qualifications, which may include CISM, CISA, CISSP, BS7799 Auditor or other.

͏