Job description:
Job Description
Purpose: the BA will be working with internal and external stakeholders (both IT and non-IT areas). Accountable for managing key business stakeholders to define requirements for change initiatives aimed at improving processes and systems ensuring alignment to business benefits and assuring quality delivery & testing of these requirements as per business protection standards and technical specifications.
The "Cyber Security Business Analyst" are responsible for
• Lead the facilitation of business workshops to elicit, challenge, develop and convert business, functional, and non-functional requirements into process/systems solutions considering IT and business drivers.
• Ensure all documented requirements are delivered in a clear, concise, and timely fashion, suitable for handover to the Project delivery teams including Solution Architects and Test Leads.
• Ensure that the requirements' acceptance criteria, integrity and traceability is maintained throughout the project lifecycle working alongside both internal and external suppliers.
• Ensure the quality & timeliness of the analysis, requirements, specifications & acceptance criteria produced with the security engineering function to guide the strategy around new security technology controls as well as with infrastructure engineering and application development programs and teams to advise on the security risks they need to address and the correct selection and implementation of controls.
• work directly with multiple IT infrastructure and application development projects and teams to apply standard technical risk assessment methods to identify and prioritize risks for remediation
• Review architecture and design documents to help ensure the correct implementation of security technology controls
• contribute to the development of improved risk assessment approaches
• contribute to the systemization of the delivery of security advisory services
͏
Key Skills Required:
Risk Assessment methods and frameworks (IRAM2, OCTAVE, NIST, ISO 27005 etc)
• Information Security Management System frameworks and standards and their application
• Compliance frameworks relevant to financials services including SOX, PCI DSS, SSAE16, etc)
• Good working knowledge of one or more security technologies and domains, including, but not limited to network security, cyber security, data security, identity and access management, application security & cloud security(SaaS,IaaS,PaaS)
• Experience in advising on or developing security architectures and designs for one or more security technology domains
• Security technologies (firewalls, WAFs, DLP, cryptography, vulnerability scanning, identity and access management, etc.)
• Delivering security changes to meet the CISO business needs.
• Good understanding of cyber security working in financial organisations.
• Good understanding of the need for tight data loss prevention controls to protect financial organisations from data theft and leakage etc
• Good understanding of networks, firewalls, proxies, traffic routing and management.
• A good understanding of risk and issue management.
• Basic cloud knowledge on any of cloud like AWS, Azure, GCP
• Proven business analysis, problem solving, issue tracking and resolution skills
• An in-depth understanding of cyber security and security operations concepts, tooling and practices
• Experience as Agile Business Analyst within a cyber security environment
• Good communication skills and the ability to capture requirements and express them in a clear and concise manner
• Ability to develop user flows and process diagrams and documentation
• An appreciation of threat intelligent techniques and the threat landscape for Financial Services organizations
• Created and published procedural and policy documentation and guidance
• Bridge the communications gap between the business users and security functions during process analysis.
• Bridge the communications gap between the CISO teams and cyber security tool providers during solution analysis.
• Impact assess security problems raised by CISO teams.
• Map current and target security operations model and processes.
• Gather business requirements to assist with finding appropriate solutions to cyber security problems.
• Facilitate 'show and tell' sessions with business users and/or CISO teams to demonstrate security solutions.
• Security qualifications, which may include CISM, CISA, CISSP, BS7799 Auditor or other.
͏ ͏ ͏
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.