
Security Business Analyst

NucoreVision, Inc

Brooklyn · On-site · Full-time · Mid Level · $98k – $110k/yr · Yesterday

About the role

Responsible for gathering and documenting requirements, analyzing business and security needs, creating workflows/SOPs, and supporting risk assessment documentation. Working closely with the Project Manager, this role independently engages stakeholders to define, validate, and document business rules and functional requirements that meet DOE security objectives.

Key Responsibilities

  • Serve as a Security Business Analyst supporting enterprise cybersecurity and IT risk initiatives, translating CISO priorities, regulatory requirements, and business needs into clear, actionable requirements.
  • Elicit, analyze, and document security and risk requirements, including functional, technical, and compliance needs across Security Operations, Infrastructure, Cloud, Data Protection, GRC, Privacy, and business units.
  • Support risk and POA&M management activities, assisting in tracking remediation plans for internal systems and third-party vendors, validating milestones, and ensuring alignment with regulatory and policy requirements.
  • Act as a liaison between business stakeholders, technical teams, and senior leadership, ensuring shared understanding of risks, controls, dependencies, and implementation impacts.
  • Develop and maintain security-related documentation and artifacts, including business requirements documents (BRDs), process flows, gap analyses, and control mapping aligned to frameworks such as NIST and FISMA.
  • Provide analytical support for executive reporting, contributing to dashboards, metrics, and decision-ready summaries that communicate security posture, risk trends, and remediation progress.
  • Enable delivery of measurable security outcomes, supporting project and program teams by identifying gaps, clarifying requirements, and helping ensure solutions meet defined risk, compliance, and business objectives.

Requirements

  • Must live in the New York Area
  • Must be a United States Citizen
  • Must have a minimum of 5 years of experience
  • Must have a minimum of two certifications mentioned below
  • Risk & Compliance Knowledge: Deep understanding of frameworks like NIST SP 800-53/37 (RMF), NYC Education Law 2-d, CIPA, FERPA, and HIPAA.
  • Expertise in requirements gathering, process modeling, and workflow development to bridge technical-to-business gaps.

Experience & Certifications

  • Minimum Experience: 5+ years
  • Minimum of Two Certifications: CBAP, PMI-PBA, PMP, CAPM, ITIL-F, CRISC, CompTIA Project+, or CGRC

Technology Experience

  • JIRA, Confluence, MS Visio, Lucidchart, MS Project, SQL Query, MS Power BI, Archer/ServiceNow (GRC), and MS Office Suite.

Compensation

  • Pay: $98,000.00 - $110,000.00 per year

Benefits

  • 401(k)
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Vision insurance

Work Location

  • In person

Skills

Archer, Confluence, JIRA, Lucidchart, MS Power BI, MS Project, MS Visio, SQL Query, ServiceNow, Security Operations, Cloud, Data Protection, GRC, Infrastructure, NIST, FISMA, Privacy
