Job Specifications
Client is seeking to hire a highly motivated and detail-oriented Security IT Business Analyst to support the development, documentation, and improvement of security operational processes and governance activities.
This role requires excellent writing and analytical skills, with a focus on documenting security policies, procedures, workflows, and processes. The successful candidate will work closely with members of the EOHHS CISO's Office, IT teams, and agency stakeholders to analyze existing security practices, identify process gaps, and translate informal or undocumented procedures into clear, structured documentation.
Strong analytical, communication, and presentation skills are critical, as the role requires gathering information from technical subject matter experts and transforming it into documentation and artifacts that support operational consistency, audit readiness, and strategic decision-making
DETAILED LIST OF JOB DUTIES AND RESPONSIBILTIES:
policies, standards, procedures, standard operating procedures (SOPs), playbooks, runbooks, workflows, swim lane diagrams, and process guides.
Analyze and document current-state security processes through interviews, observation, and analysis to identify gaps, inefficiencies, risks, and opportunities for improvement.
Support security governance, compliance activities, and audit readiness by ensuring documentation is complete, accurate, and aligned with Commonwealth, federal, and industry security frameworks.
Facilitate collaboration between the EOHHS CISO's Office, IT teams, agency stakeholders, and external partners to ensure security processes are clearly defined, understood, and consistently implemented
Prepare reports, presentations, process documentation artifacts, and dashboards to track security initiatives and communicate progress to stakeholders and leadership.
Assist in the development of security training, documentation, and communications that will promote adoption of security policies and best practices.
Develop future-state process documentation and operational roadmaps that support improvements in security operations maturity and effectiveness.
Contribute to the planning, tracking, and monitoring of security projects and initiatives to ensure timely delivery and alignment with security strategy and operational priorities.
Manage and document risks, issues, and decisions related to security policies, operational processes, and improvement initiatives within the EOHHS CISO's Office.
Participate in security reviews and assessments and document findings, process gaps, and recommended remediation steps.
Serve as a resource for gathering, analyzing, and documenting requirements for security initiatives, tools, operational processes, and documentation artifacts.
Provide clear, structured, and auditable documentation that supports decision-making, operational consistency, audit response, and process improvement initiatives.
Translate informal or undocumented security practices into repeatable, documented processes that improve operational consistency and accountability.
Perform other related duties as assigned to support the mission of the EOHHS CISO's Office and the continuous improvement of security operations processes.
Preferred Qualifications:
5-8 years of experience in information technology or cybersecurity, with at least 3 years in a business analyst, process analyst, technical writer, security analyst, or related role.
Strong understanding of information security concepts, frameworks, and best practices including:
National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
Center for Internet Security Controls (CIS Controls)
ISO/IEC 27001
#BSA1