Security Senior Business Analyst
Kuala Lumpur
Applications have closed
AVEVA
At AVEVA, we work with you and harness the power of our ecosystem, to deliver solutions and expertise to optimize engineering, operations and performance.AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.
We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.
If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at AVEVA Careers.
For more information about our privacy policy and how to manage cookies, visit our Privacy Policy.
Job Name: Senior Security Business Analyst
Organization/department: Digital Security
Reports to: Programme Manager – Global Security Operations
Location: Kuala Lumpur, Malaysia or London, United Kingdom
Job Overview
The Senior Security Business Analyst is a seasoned professional responsible for supporting complex, high-impact Digital Security projects within AVEVA. This role supports the information and cyber security control owners and control operators in AVEVA to analyse the control needs, document the as-is and to be process, prioritize and implement relevant control processes and systems effectively while ensuring alignment with the AVEVA’s cybersecurity standards and business objectives using appropriate behaviours, techniques, and frameworks.
Roles and Responsibilities
Dimensions
Demonstrated history of business analysis work in a waterfall and agile environment, especially in projects related to Information and Cyber Security
Strong analysis skills – brainstorming, gap analysis, product analysts, backlog creation and refinement etc.
Process mapping techniques and methodologies
Stakeholder engagement with strong interpersonal and collaborative skills as well as highly effective communication skills
Strong motivation, initiative and able to multi-task
Formal Agile, Waterfall, Business Analysis Training
Primary Duties
The Security Business Analyst is accountable for documenting and analysing Security Control requirements in such a way that the security and business teams understand and approve them, and other delivery team members can successfully utilise them to deliver expected outcomes
Ensures the solution meets the cybersecurity control and project requirements. Should have strong understanding of business processes, cybersecurity and analyses complex business problems to be solved with IT technologies.
Supports the security team to define stakeholder groups and develop good working relationships with these parties to understand their goals and objectives and their vision for change.
Help to prioritize the work within the Information and Cyber Security backlog
Develops detailed functional, system and project specific requirements
Maintain commonly accepted templates to enable consistent and thorough project scoping and business requirements definition
Works closely with cybersecurity solutions architect and the project manager to review and confirm the decision(s)
Escalate any scoping and requirements risks to project management
Own the UAT project phase and support business stakeholders in understanding the change and creating test scenarios
Work on business analysis activities for Security, liaising with IT, Product, R&D, Sales, marketing, Finance, HR, Legal, Global Delivery Services, and Global Customer Support customers as necessary
Recommend improvements to working practices within the team, within and outside of the business analysis function
Raise risks, issues, and dependency within and across the Security, Business and IT portfolio as appropriate
Supports definition of service strategy, service design, continues service improvement service transition into BAU
Supports definition of SLAs/KPIs
Supports client engagement and campaigns
Important Working Relationships
Build, develop and maintain strong and effective relationships with business stakeholders, suppliers, and project team members.
Build and maintain strong working relationships with Security, IT, Product, R&D and other Business functions
Work closely with the Enterprise, Security Architecture and IT Operations teams to ensure that potential systems or services undergo the correct checks and that there are no constraints imposed by the proposed architecture.
Build and maintain strong relationship with Program & Portfolio Management to ensure the project execution and reporting activities are aligned to PMO best practices and compliance
Required Qualifications
Educational Qualifications
Bachelor's degree in Information Technology, Computer Science, Cyber Security, Engineering or a related field (Master's degree preferred)
Any BA qualification such as PMI-PBA, BCS International Diploma in Business Analysis or equivalent is a plus
Knowledge and extensive experience with project management methodologies (e.g., Agile, Scrum, Waterfall).
Exceptional leadership, communication, and negotiation skills.
Proficiency in project management software and tool such as Microsoft Project, Azure DevOps, Trello, JIRA etc
Strong analytical and strategic thinking capabilities
Experience
5+ years of experience in IT and Cyber Security Projects, with a demonstrated history of supporting delivery of large-scale, high-impact projects as a Business Analyst
Experience of delivering Information and Cyber Security Projects such as Vulnerability Management, Cloud Access Security Brooker, Data Security, Application Security Assessment, Threat Intelligence, SOC & SIEM, Identity Access Management, Network Security etc.
Involved in the delivery of Infrastructure implementation and/or transformation projects, potential examples include Security Patching, Vulnerability Remediations, DC and Network Migrations etc is a plus
Extensive experience of project management methodologies and frameworks (PMI, Agile, Scrum, Safe, PRINCE II etc.)
Technical Competency
In-depth knowledge of IT infrastructure and Cyber Security domains
Understanding of Cyber Threat Detect and Response capabilities and services, Data and Network Security, Vulnerability Management, Identity and Access Management capabilities is desired
Understanding of Leading Internal Standards on Information and Cyber Security such as ISO27001, NIST Cyber Security Framework is desired
Understanding of Security Policies and procedures, Governance Risk and Compliance
Experience in supporting the delivery of SIEM tools such as Microsoft Sentinel, Splunk, QRadar etc.is a plus
Knowledge and understanding the use of Project Planning Tools such as Microsoft Project, Azure DevOps, Trello, JIRA etc.
Process mapping using a recognized system i.e., Visio; BusinessOptix or equivalent
Data modelling and understanding of data structuresBusiness process management tools, Process mapping techniques and methodologies e.g., UML; BPMN
Exceptional verbal and written communication skills
Expertise in setting and managing customer expectations
Effective influencing and negotiating skills in an environment where this role may not directly control resources
Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence
Thorough understanding of current and emerging technologies and how other enterprises are employing them to drive digital business
Demonstrated ability to develop and execute a project resource plan that ensures that the right people are in the right place doing the right things at the right time
Desirable Training and Certifications
Cyber Security Certifications such as CompTIA Security+, Certified Information Security Manager (CISM), Certified Information Security Professional (CISSP), Certified in Governance, Risk and Compliance (CGRC), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Auditor (CISA) is desired.
Occupational Personality
Strong analytical and problem-solving skills with strong written and verbal communication and a good attention to detail
Ability to work both independently and collaboratively as a team member, be curious and to ask questions and share knowledge.
Ability to interact with AVEVA's personnel at all levels and across all business units and organizations, and to understand business objectives and values.
A strong customer/client focus, with the ability to manage expectations appropriately, to provide a superior customer/client experience and build long-term relationships.
A strong passion about security, be curious with a keenness to learn and develop own skills and knowledge outside of the working environment.
Confident in recording and presenting key findings and conclusions to different levels of the business.
Career Path
Senior Security Business Analyst, with the skills, behaviours and determination to succeed can progress to roles such as Security Business Analysis Lead, Head of Security Business Analysis, Security Control Owner, Security Architect or specialise in roles overseeing Security Strategy, Governance and Compliance
AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.
Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security Azure CGRC CISA CISM CISSP Cloud Compliance CompTIA Computer Science CRISC DevOps Finance Governance IAM Industrial ISO 27001 IT infrastructure Jira KPIs Network security NIST Privacy QRadar R&D Scrum Security assessment Security strategy Sentinel SIEM SLAs SOC Splunk Strategy Threat intelligence Vulnerability management
Perks/benefits: Transparency
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.