Information Senior Security Business Analyst

Info Sec provides reliable, secure, and resilient technology services and solutions to support over 300,000 EY people.

Information Security takes a proactive approach to protecting EY’s brand through robust technical security controls, a clearly defined security strategy and ongoing compliance and incident management programs designed to detect and protect against increasingly sophisticated threats against the organization.

You will work with technologists and business specialists to meet the increasing pace of our business. That means more growth for you, exciting learning opportunities, career choices, and the chance to make a real impact.

The opportunity

The Senior Security Business Analyst role within the Enterprise Security Program is essential for supporting security initiatives by ensuring that business and security requirements are accurately captured, documented, communicated, and managed. The role partners with project stakeholders and Information Security Services to evaluate needs, propose solutions, and facilitate agreement on implementation. As a subject matter expert, the Senior Security Business Analyst provides actionable insights that enable effective decision‑making and risk mitigation.

As a member of the Information Security Service Delivery team, the Senior Security Business Analyst role successfully and efficiently drives business process improvement via the methodical investigation, analysis, review and documentation of all or part of a business in terms of business functions and processes.

Your key responsibilities

• Elicitation, analyzing, documenting, and managing business and security requirements for complex projects within the Enterprise Security Program.

• Collaboration with business, security, technical, and project management stakeholders to ensure requirements are clear, feasible, and aligned with organizational objectives.

• Partnering with Security Quality Assurance staff to validate and test security solutions to confirm they meet documented requirements.

• Tracing requirements to the corresponding code, policy, confirmation, or other implementation artifacts, as well as to the test cases that validate them.

• Contributing to continuous improvement of security business analysis processes and tools as a subject matter expert both in terms of business analysis and the security domain.

• Sharing of knowledge and best practices with peers to support team effectiveness.

Skills and attributes for success

To be successful in this role, candidates should possess the following core skills:

• Strong ability to communicate fluently in English and adapt communications to various audiences, including Executives, Sponsors, Management, overall organization and project teams – includes verbal, written and presentation skills

• Breakdown barriers of delivery with well thought out challenges and escalations, if necessary

• Personal accountability to adhere and comply of all required business analyst deliverables and requirements

• Ability to collaborate across functional teams, cultures and geographies and to build trust virtually

• Strong working knowledge or experience with Identity and Access Management

• Track record of customer focus that is based on openness, trust, and delivering on promises

• Extensive experience writing and reviewing business, user, and non-functional/system level requirements

• Highly adept at obtaining alignment and approval of business requirements (functional and supplemental) from user community

• Extensive experience in selecting and executing elicitation techniques such as Interviews, Exploratory Prototypes, Facilitated Workshops, Focus Groups, Observation, User Task Analysis, Documentation Study and Surveys and overall Process Re-engineering

• Development and deployment of formal business analysis methods and tools to govern and control programs

• Solid understanding of the following requirements models: Stakeholder Categories, Actor Tables, Glossary, Context Diagram, Data Model, Class Model, Data Dictionary, Event Response Tables, State Diagrams, Business Rules, Decision Tables, Process Maps, Use Cases, and Activity Diagrams

• Leader in the use of IT methodologies, processes and standards for business analysis

Desired qualifications

• Preferably 8–10 years’ experience in business analysis within the information security domain for large, geographically diverse programs.

• Strong expertise in security technologies (cloud, network, perimeter, messaging, endpoint, and data security).

• Proficiency in requirements management methodologies and tools.

• Advanced communication and stakeholder engagement skills.

• Relevant certifications (e.g., CISSP, CISM, CBAP) are highly desirable.

About EY

As a global leader in assurance, tax, transaction, and advisory services, we’re using the finance products, expertise, and systems we’ve developed to build a better working world. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.