Cybersecurity Business Analyst

mthree is seeking a Cybersecurity Business Analyst to join a highly regarded Multinational Investment Bank and Financial Services Company.

Job Description:

Position Title: Cybersecurity Business Analyst

Location: Hyderabad/Pune/Bengaluru, India (2/3 day per week in office)

Employment Type: Full-Time

The role sits in Cybersecurity Risk and Controls’ Strategy, Team supporting Group Cybersecurity Control Owners in the effective controls management and governance. The Cybersecurity Business Analyst will work closely with various stakeholders to ensure that the cybersecurity control processes are effective, efficient, and aligned with organizational standards. This is a dynamic role that involves oversight of the control management lifecycle and providing support during regulatory assessments (internal and external).

YOUR RESPONSIBILITIES

• Engage with Cyber, business and functional stakeholders to identify business requirements for control lifecycle management with a focus on regulatory assessments, and provide support during the analysis of the bank’s compliance with new regulations
• Support internal and external assessments on behalf of Cybersecurity teams
• Support the build of regulatory evidence collection process and documentation
• Support the mapping of new standards and regulations to current controls applicable.
• Be able to think out of the box and propose creative solutions / improvements for the evidence collection process definition
• Apply discipline and scrutiny for collection and maintenance of evidence within the repository.

SKILLS & EXPERIENCE WE REQUIRE

Understanding of risk and control frameworks

1. Experience in Control Management. This includes but is not limited to controls design and their implementation
2. Familiarity with Cybersecurity risks and controls.

Technical background

1. Knowledge of Information Technology, at least a generalist level with specialist area expertise welcome
2. Understanding of 2LOD/ 3LOD and external bodies review or assessment methodologies would be a plus

Stakeholder management and communications skills

1. Ability to connect variety of stakeholders and join the dots to ensure an effective communication channel between the involved project’s parties
2. Experience within fast-moving, complex and demanding corporate environments where Information Technology or Security issues have to be handled on a large scale and with a need to multi-task whilst dealing with ambiguity and change.

Interpersonal Skills

OPTIONAL/NICE TO HAVE

• Familiarity with the industry best practices, Cybersecurity regulatory requirements for and frameworks in Information Technology is a plus
• Business/ Data analysis is a plus
• Industry certification in Risk/Technology/Security is a plus.