Security IT Business Analyst

***Only qualified Security IT Business Analyst candidates located near Quincy, MA will be considered, as the position requires onsite presence***

**W2

Preferred Education:

• Bachelor’s degree in Information Systems, Business Administration, or related field, or equivalent work experience

Required Skills, Experience and Qualifications:

• 5–8 years of experience in information technology, with at least 3 years in a business analyst, technical writer, or related role

• Strong understanding of information security concepts, frameworks, and best practices (e.g., NIST CSF, CIS Controls, ISO 27001)

• Experience developing, documenting, and maintaining IT/security policies, standards, and procedures Experience with Microsoft 365 suite, JIRA, or other collaboration/project tracking tools

• Experience facilitating requirements gathering sessions, interviews, and workshops with technical and business stakeholders

• Strong analytical and problem-solving skills, including the ability to identify process gaps and recommend improvements

• Ability to manage multiple assignments simultaneously and balancing competing priorities

• Capable of working independently and as part of a cross-functional team

Client is seeking to hire a highly motivated and detail-oriented Security IT Business Analyst to join the Client’s Chief Information Security Officer’s Office (CISO) Office.  The position requires excellent writing skills, with a focus on development of policy and process documentation. Strong analytical, communication and presentation skills are critical. Additionally, the successful candidate must possess the following attributes: attention to detail; superior time management and solid multitasking skills; ability to contribute and work productively as part of a team; capacity to remain flexible and the ability to work well under pressure. The Security IT Business Analyst is expected to occasionally travel to Client’s agency area offices or group homes within the Commonwealth of Massachusetts as needed.  

Responsibilities: 

• Develop and maintain relevant security documentation including policies, standards, procedures, workflows, and process guides.  Analyze existing security processes to identify gaps and risks for improvements 

• Support security compliance and audit readiness by ensuring documentation is complete, accurate, and aligned with Commonwealth and federal standards

• Facilitate collaboration between the CISO’s Office, IT teams, agency stakeholders, and external partners 

• Prepare reports, presentations, and dashboards to track security initiatives and communicate progress to both stakeholders and leadership

• Assist in the development of security training, documentation, and communications that will promote adoption of security policies and best practices

• Contribute to the planning, tracking, and monitoring of security projects and initiatives to ensure timely delivery and alignment with strategic objectives

• Manage and document risks, issues, and decisions related to security policy and process initiatives of the Client’s CISO’s Office   

• Participate in security reviews, assessments, and capturing findings to ensuring documentation of remediation steps  

• Serve as a resource for gathering, analyzing, and documenting requirements of security initiatives, tools, and processes

• Provide structured and clear documentation that can be used to support decision-making, audits responses, and operational changes

• Perform other related duties as assigned to support the mission of the Client’s CISO’s Office.