Cybersecurity Business Analyst

Job TitleBusiness Analyst a € CybersecurityRole SummaryWe are seeking a Cybersecurity Business Analyst to bridge business goals and security outcomes. This role translates regulatory and business requirements into clear user stories, workflows, and controls; supports risk and compliance initiatives; and drives delivery of security capabilities such as identity, detectionresponse, data protection, and vulnerability management with measurable impact. Key ResponsibilitiesRequirementsAnalysis:Elicit, document, and prioritize cybersecurity requirements; map business processes to security controls; identify gaps and dependencies.Governance, RiskCompliance: Translate regulatory frameworks (SOC 2, ISO 27001, NIST CSF, PCI DSS) into implementable controls; support risk assessments, control testing, POA M updates, and audit evidence management.DataMetrics:Define and maintain KPIs/KRIs (MTTR, patch SLAs, phishing resilience, privileged access hygiene); partner with data teams for accurate reporting across SIEM/EDR/ITSM sources. DeliveryChange:Drive cybersecurity initiatives through discovery, design, UAT, and go live; facilitate backlog grooming, sprint planning, and dependency tracking; manage change impacts, communications, and training.Process Optimization: Document workflows, RACI, and SOPs for security processes; identify automation opportunities via ITSM workflows, APIs, SOAR, and policy as code.Stakeholder Engagement:Create clear artifacts (BRDs, process maps, playbooks); present findings to technical and executive audiences; connect Cyber, IT Ops, Enterprise Architecture, Legal, and Business Units. Required Qualifications3a €6+ years as a Business Analyst, Product Analyst, or similar in cybersecurity, risk, or IT.Strong knowledge of IAM/PAM, vulnerability management, incident response, data protection/DLP, cloud security, or third party risk.Experience with requirements management, process modeling, and UAT. Familiarity with frameworks (NIST, ISO 27001, SOC 2, CIS Controls) and audit cycles.Proficiency with Jira, Azure DevOps, Confluence, ServiceNow, MS 365.Excellent communication, stakeholder management, and documentation skills. Preferred QualificationsExperience with SIEM, EDR/XDR, SOAR, vulnerability management, IAM/PAM, and cloud platforms.Background in security metrics and reporting (Power BI/Tableau).Certifications: Security+, CISA, CISM, CISSP, CRISC, PMI ACP, CBAP, ITIL.Experience in regulated industries (PCI, SOX, HIPAA, GLBA).Core CompetenciesAnalytical thinking, process orientation, outcome focus, clear communication, and cross functional collaboration.