Security IT Business Analyst
  • TalentBurst, Inc
2 Hours Ago
Quincy-MA
8-10 Years
Required Skills: Cybersecurity Framework
Job Description
Position: Security IT Business Analyst
Location: Quincy, MA (Hybrid)
Duration: Multi Year Renewable Contract
Hours: 37.5 Hours per week
 
DETAILED LIST OF JOB DUTIES AND RESPONSIBILITIES:
Policies, standards, procedures, standard operating procedures (SOPs), playbooks, runbooks, workflows, swim lane diagrams, and process guides.
Analyze and document current-state security processes through interviews, observation, and analysis to identify gaps, inefficiencies, risks, and opportunities for improvement.
Support security governance, compliance activities, and audit readiness by ensuring documentation is complete, accurate, and aligned with Commonwealth, federal, and industry security frameworks.
Facilitate collaboration between the CISO's Office, IT teams, agency stakeholders, and external partners to ensure security processes are clearly defined, understood, and consistently implemented.
Prepare reports, presentations, process documentation artifacts, and dashboards to track security initiatives and communicate progress to stakeholders and leadership.
Assist in the development of security training, documentation, and communications that will promote adoption of security policies and best practices.
Develop future-state process documentation and operational roadmaps that support improvements in security operations maturity and effectiveness.
Contribute to the planning, tracking, and monitoring of security projects and initiatives to ensure timely delivery and alignment with security strategy and operational priorities.
Manage and document risks, issues, and decisions related to security policies, operational processes, and improvement initiatives within the CISO's Office.
Participate in security reviews and assessments and document findings, process gaps, and recommended remediation steps.
Serve as a resource for gathering, analyzing, and documenting requirements for security initiatives, tools, operational processes, and documentation artifacts.
Provide clear, structured, and auditable documentation that supports decision-making, operational consistency, audit response, and process improvement initiatives.
Translate informal or undocumented security practices into repeatable, documented processes that improve operational consistency and accountability.
Perform other related duties as assigned to support the mission of the CISO's Office and the continuous improvement of security operations processes.
 
Preferred Qualifications:
5–8 years of experience in information technology or cybersecurity, with at least 3 years in a business analyst, process analyst, technical writer, security analyst, or related role.
Strong understanding of information security concepts, frameworks, and best practices including:
National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
Center for Internet Security Controls (CIS Controls)
ISO/IEC 27001
