Security Business Analyst

Remote • Posted 8 hours ago • Updated 8 hours ago
Full Time
No Travel Required
Remote
Depends on Experience
Job Details

Skills

  • Security Business Analyst

Summary

Title: Security Business Analyst
Experience: 5+ years
Certifications (any one of the following): CBAP, PMI-PBA, PMP, CAPM, ITIL-F, CRISC, CompTIA Project+ or CGRC
Technologies: JIRA, Confluence, MS Visio, Lucidchart, MS Project, SQL Query, MS Power BI, Archer/ServiceNow (GRC), and MS Office Suite
Responsible for gathering and documenting requirements, analyzing business and security needs, creating workflows/SOPs, and supporting risk assessment documentation. Working closely with the Project Manager, this role independently engages stakeholders to define, validate, and document business rules and functional requirements that meet DOE security objectives.
Key Requirements
Serve as a Security Business Analyst supporting enterprise cybersecurity and IT risk initiatives, translating CISO priorities, regulatory requirements, and business needs into clear, actionable requirements.
Elicit, analyze, and document security and risk requirements, including functional, technical, and compliance needs across Security Operations, Infrastructure, Cloud, Data Protection, GRC, Privacy, and business units.
Support risk and POA&M management activities, assisting in tracking remediation plans for internal systems and third-party vendors, validating milestones, and ensuring alignment with regulatory and policy requirements.
Act as a liaison between business stakeholders, technical teams, and senior leadership, ensuring shared understanding of risks, controls, dependencies, and implementation impacts.
Develop and maintain security-related documentation and artifacts, including business requirements documents (BRDs), process flows, gap analyses, and control mapping aligned to frameworks such as NIST and FISMA.
Provide analytical support for executive reporting, contributing to dashboards, metrics, and decision-ready summaries that communicate security posture, risk trends, and remediation progress.
Risk & Compliance Knowledge: Deep understanding of frameworks like NIST SP 800-53/37 (RMF), NYC Education Law 2-d, CIPA, FERPA, and HIPAA.
Enable delivery of measurable security outcomes, supporting project and program teams by identifying gaps, clarifying requirements, and helping ensure solutions meet defined risk, compliance, and business objectives.
Expertise in requirements gathering, process modeling, and workflow development to bridge technical-to-business gaps.
  • Dice Id: compqtx
  • Position Id: 8949450