Our client, a leading financial institution, with a major technology upscaling and enhancement programme, is looking for a Technical Business Analyst in IT Security. This role is critical in maintaining the security of the technology systems and ensuring the confidentiality, integrity, and availability of sensitive data. The successful candidate will have the expertise to analyze business requirements, design robust security solutions, and collaborate with various stakeholders to implement effective security measures.
Conduct comprehensive analysis of business needs, requirements, and objectives in collaboration with key stakeholders to identify security risks and vulnerabilities.
Collaborate with cross-functional teams to implement and optimize security controls across enterprise applications, systems, and processes.
Perform data analysis and develop comprehensive security metrics and reports to measure, track, and report on the effectiveness of security controls and compliance.
Drive continuous improvement initiatives to enhance existing security processes and technologies, ensuring they align with evolving industry trends.
Coordinate with internal and external auditors to ensure compliance with applicable security policies, procedures, and regulations.
Provide technical expertise and guidance to internal stakeholders, including development teams, to ensure security requirements are integrated throughout the system development lifecycle.
Stay abreast of emerging threats, vulnerabilities, and industry trends to proactively identify potential risks and recommend appropriate countermeasures.
Collaborate with vendors and external partners to assess and manage security risks associated with third-party applications and services.
Bachelor's degree in Computer Science, Information Security, or a related field; relevant certifications (e.g., CISSP, CISM, CRISC) are highly desirable.
Proven experience as a Technical Business Analyst, with a strong focus on IT security within the financial services sector.
In-depth knowledge of security frameworks, industry regulations (e.g., PCI-DSS, GDPR), and information security best practices.
Excellent analytical and problem-solving skills, with the ability to translate complex technical concepts into practical business solutions.
Understanding of secure software development methodologies, secure network design principles, and encryption technologies.
Proficiency in conducting risk assessments, vulnerability management, and penetration testing.
Familiarity with security technologies, including firewalls, intrusion detection and prevention systems, antivirus tools, and security information and event management (SIEM) systems.
Exceptional communication skills, both written and verbal, with the ability to effectively convey complex technical concepts to non-technical stakeholders.
Strong project management skills, with the ability to prioritize and manage multiple initiatives concurrently.