Security Senior Business Analyst

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.

For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.

Job Name: Senior Security Business Analyst

Organization/department: Digital Security

Reports to: Programme Manager – Global Security Operations

Location: Kuala Lumpur, Malaysia or London, United Kingdom

Job Overview

The Senior Security Business Analyst is a seasoned professional responsible for supporting complex, high-impact Digital Security projects within AVEVA. This role supports the information and cyber security control owners and control operators in AVEVA to analyse the control needs, document the as-is and to be process, prioritize and implement relevant control processes and systems effectively while ensuring alignment with the AVEVA’s cybersecurity standards and business objectives using appropriate behaviours, techniques, and frameworks.

Roles and Responsibilities

Dimensions

• Demonstrated history of business analysis work in a waterfall and agile environment, especially in projects related to Information and Cyber Security

• Strong analysis skills – brainstorming, gap analysis, product analysts, backlog creation and refinement etc.

• Process mapping techniques and methodologies

• Stakeholder engagement with strong interpersonal and collaborative skills as well as highly effective communication skills

• Strong motivation, initiative and able to multi-task

• Formal Agile, Waterfall, Business Analysis Training

Primary Duties            

• The Security Business Analyst is accountable for documenting and analysing Security Control requirements in such a way that the security and business teams understand and approve them, and other delivery team members can successfully utilise them to deliver expected outcomes

• Ensures the solution meets the cybersecurity control and project requirements. Should have strong understanding of business processes, cybersecurity and analyses complex business problems to be solved with IT technologies.

• Supports the security team to define stakeholder groups and develop good working relationships with these parties to understand their goals and objectives and their vision for change.

• Help to prioritize the work within the Information and Cyber Security backlog

• Develops detailed functional, system and project specific requirements

• Maintain commonly accepted templates to enable consistent and thorough project scoping and business requirements definition

• Works closely with cybersecurity solutions architect and the project manager to review and confirm the decision(s)

• Escalate any scoping and requirements risks to project management

• Own the UAT project phase and support business stakeholders in understanding the change and creating test scenarios

• Work on business analysis activities for Security, liaising with IT, Product, R&D, Sales, marketing, Finance, HR, Legal, Global Delivery Services, and Global Customer Support customers as necessary

• Recommend improvements to working practices within the team, within and outside of the business analysis function

• Raise risks, issues, and dependency within and across the Security, Business and IT portfolio as appropriate

• Supports definition of service strategy, service design, continues service improvement service transition into BAU

• Supports definition of SLAs/KPIs

• Supports client engagement and campaigns

  Important Working Relationships

• Build, develop and maintain strong and effective relationships with business stakeholders, suppliers, and project team members.

• Build and maintain strong working relationships with Security, IT, Product, R&D and other Business functions

• Work closely with the Enterprise, Security Architecture and IT Operations teams to ensure that potential systems or services undergo the correct checks and that there are no constraints imposed by the proposed architecture.

• Build and maintain strong relationship with Program & Portfolio Management to ensure the project execution and reporting activities are aligned to PMO best practices and compliance

Required Qualifications

Educational Qualifications

• Bachelor's degree in Information Technology, Computer Science, Cyber Security, Engineering or a related field (Master's degree preferred)

• Any BA qualification such as PMI-PBA, BCS International Diploma in Business Analysis or equivalent is a plus

• Knowledge and extensive experience with project management methodologies (e.g., Agile, Scrum, Waterfall).

• Exceptional leadership, communication, and negotiation skills.

• Proficiency in project management software and tool such as Microsoft Project, Azure DevOps, Trello, JIRA etc

• Strong analytical and strategic thinking capabilities

  Experience

• 5+ years of experience in IT and Cyber Security Projects, with a demonstrated history of supporting delivery of large-scale, high-impact projects as a Business Analyst

• Experience of delivering Information and Cyber Security Projects such as Vulnerability Management, Cloud Access Security Brooker, Data Security, Application Security Assessment, Threat Intelligence, SOC & SIEM, Identity Access Management, Network Security etc.

• Involved in the delivery of Infrastructure implementation and/or transformation projects, potential examples include Security Patching, Vulnerability Remediations, DC and Network Migrations etc is a plus

• Extensive experience of project management methodologies and frameworks (PMI, Agile, Scrum, Safe, PRINCE II etc.)

Technical Competency

• In-depth knowledge of IT infrastructure and Cyber Security domains

• Understanding of Cyber Threat Detect and Response capabilities and services, Data and Network Security, Vulnerability Management, Identity and Access Management capabilities is desired

• Understanding of Leading Internal Standards on Information and Cyber Security such as ISO27001, NIST Cyber Security Framework is desired

• Understanding of Security Policies and procedures, Governance Risk and Compliance

• Experience in supporting the delivery of SIEM tools such as Microsoft Sentinel, Splunk, QRadar etc.is a plus

• Knowledge and understanding the use of Project Planning Tools such as Microsoft Project, Azure DevOps, Trello, JIRA etc. 

• Process mapping using a recognized system i.e., Visio; BusinessOptix or equivalent
  Data modelling and understanding of data structures

• Business process management tools, Process mapping techniques and methodologies e.g., UML; BPMN

• Exceptional verbal and written communication skills 

• Expertise in setting and managing customer expectations

• Effective influencing and negotiating skills in an environment where this role may not directly control resources 

• Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence 

• Thorough understanding of current and emerging technologies and how other enterprises are employing them to drive digital business 

• Demonstrated ability to develop and execute a project resource plan that ensures that the right people are in the right place doing the right things at the right time

Desirable Training and Certifications

Cyber Security Certifications such as CompTIA Security+, Certified Information Security Manager (CISM), Certified Information Security Professional (CISSP), Certified in Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Auditor (CISA) is desired.

Occupational Personality

• Strong analytical and problem-solving skills with strong written and verbal communication and a good attention to detail

• Ability to work both independently and collaboratively as a team member, be curious and to ask questions and share knowledge.

• Ability to interact with AVEVA's personnel at all levels and across all business units and organizations, and to understand business objectives and values.

• A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.

• A strong passion about security, be curious with a keenness to learn and develop own skills and knowledge outside of the working environment.

• Confident in recording and presenting key findings and conclusions to different levels of the business.

Career Path

Senior Security Business Analyst, with the skills, behaviours and determination to succeed can progress to roles such as Security Business Analysis Lead, Head of Security Business Analysis, Security Control Owner, Security Architect or specialise in roles overseeing Security Strategy, Governance and Compliance

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment.  Background checks will be conducted in accordance with local laws and may, subject to those laws,  include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check.  Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.
 
Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.