Lead I - Business Analysis
Business Analyst – Information Security & Risk Compliance

Location: Bengaluru
Experience Range: 6 to 8 Years
Job Type: Full-Time

Role Proficiency

Analyze and understand the business needs of clients and recommend secure, compliant, and risk-aware solutions. Perform complex business analysis tasks with limited support, especially in the domains of risk management and information security. Collaborate effectively with stakeholders to ensure project requirements are aligned with risk control objectives.

Key Responsibilities

Business Analysis & Stakeholder Engagement

Understand and define complex business requirements and align them with security and compliance goals.

Lead elicitation sessions, facilitate stakeholder collaboration, and validate requirements.

Design, define, document, and communicate software and non-functional requirements.

Develop and maintain BA artefacts and reusable methodologies.

Proactively manage stakeholder relationships and ensure consensus on deliverables.

Mentor junior Business Analysts and support business development initiatives where needed.

Risk, Security & Compliance

Conduct Business Impact Analysis (BIA) and risk assessments for third-party applications, vendors, and systems.

Identify and communicate information security risks and compensating controls.

Review vendor/third-party contracts for alignment with internal policies and regulatory frameworks.

Conduct internal audits to assess compliance with organization security policies and ISO standards.

Prepare risk reports and provide mitigation recommendations.

Solution Evaluation & Change Control

Recommend appropriate solutions using a combination of metrics and strategic analysis.

Ensure traceability, impact assessment, and version control of all requirement changes.

Support solution evaluations with measurable KPIs and stakeholder-aligned metrics.

Process & Artefact Management

Own project documentation, templates, and process flows.

Drive the adoption of tools, templates, and processes across project teams.

Use BA tools to model workflows, use cases, current/future state diagrams, and user stories.

Must Have Skills

Business Analysis in Information Security Domain

Risk Management and Operational Risk Assessment

Compliance & Risk Control

ISO 27001 Auditing / Lead Implementation

Cybersecurity Frameworks: NIST CSF, ISO 27001

BIA and Risk Assessments for Third Parties

Stakeholder Communication (Technical & Non-Technical)

Process Modeling, Use Case & Workflow Diagrams

Excellent Documentation, Presentation & Negotiation Skills

Good to Have Skills

Experience with TPRM tools like Archer or OneTrust

Knowledge of contractual review in security context

Exposure to Agile, Scrum, or other SDLC methodologies

Familiarity with Data Privacy Regulations (e.g., GDPR)

Cross-functional collaboration with distributed teams

Education Qualification

B.E. / B.Tech. / MCA / MBA with specialization in Information Security

Certifications (Mandatory)

ISO 27001 Lead Auditor or Lead Implementer

CRISC (Certified in Risk and Information Systems Control) – Preferred

Measures of Success

Direct contribution to business value through secure and compliant solutions

Quality and traceability of requirements and documentation

Effectiveness of stakeholder collaboration and risk communication

Adoption of BA tools and frameworks across teams

Feedback from senior stakeholders and auditors

Outputs Expected

Risk-aware business requirements and artefacts

Timely communication and decision support documents

Risk reports, control recommendations, and audit findings

BA templates and reusable assets

Mentorship of junior analysts and support for leadership
