Apply Now    

Security Business Analyst

  • Country:US
  • State:TX
  • City:DALLAS
  • Category:Technical Specialist
  • Required Education:High School Diploma/GED
  • Position Type:Professional
  • Employment Type:Full-Time
  • Contract Type:Regular
  • Req ID:121125BR
View Full Description
Job Description
The Security Business Analyst uses audit process experience, operational audit controls knowledge and technical skills to support internal and external goals of Bluemix Infrastructure division of IBM Cloud. The Security Controls Examiner/Inspector, with limited supervision, will perform duties as a Single Point of Contact (POC) for audit participation requests received by the Cloud SOC. This includes fielding, directing, collecting and responding to audit evidence requests. The Security Business Analyst is also responsible for conducting quarterly reviews of critical controls operated by the Security Operations Center which impact the Bluemix Infrastructure division as a whole. Critical controls as defined by Security Operations Leadership are a collective from internal IBM controls, industry standard controls and governmental controls relevant to Bluemix Infrastructure Services.

The Security Business Analyst is responsible for reporting measurement of required controls to the applicable compliance representatives during official testing for same controls annually or as scheduled. Identification and tracking of any deficits discovered during testing, either quarterly Security Team self-assessment or official testing for certification, are the responsibility of the Security Controls Examiner/Inspector. Immediate retesting and scheduled retesting thereafter of deficient controls are also assigned to the Security Controls Examiner/Inspector.

Key Responsibilities
  • Ensures delivery of Security Team governance, risk and compliance objectives for Bluemix Infrastructure division in IBM Cloud
  • Perform single point of contact for assessment activities for the Bluemix IaaS Security Team
  • Track multiple potential deficiencies as identified in assessments until resolution is sufficiently demonstrated
  • Successfully engage in multiple security governance adherence initiatives simultaneously
  • Perform subject matter expert role for audit and compliance requirements of the IBM Bluemix IaaS Cloud SOC and Security Team
  • Identify and resolve GRC issues and conflicts within the Security Team
  • Develop and deliver progress and remediation reports and presentations as directed by Security Team leadership
  • Promote a risk-aware culture, ensure efficient and effective risk and security management practices by adhering to required standards and processes


Required Technical and Professional Expertise

Minimum two years of governance, risk and compliance related work, preferably for cloud IT or security related business fields
Experience with Business Process documentation and requirements gathering
Experience working both independently and in a team oriented, collaborative environment
Recognize complex problems, analyze situations and provide suggested/implemented resolution(s)
Ability to interact professionally with a diverse group including executives, managers and subject matter experts
Ability to apply critical thinking to control and business risk interpretations on behalf of the Security Team and clearly articulate
Ability to understand concepts related to identifying and assessing cyber risks as applicable to controls frameworks
Flexibility to conform to shifting priorities through analytical and problem-solving capabilities
Prioritize work tasks, direct work efforts and facilitate deficiency closures

Preferred Tech and Prof Experience

Exhibit excellent written and oral communications skills and professionalism
Understand and work effectively in a complex, matrixed environment
Proficient in MS Office products
Associate’s Degree or College Diploma is required
BS in Business, Computer Science, Engineering, or related field is preferred

Industry recognized audit and assessment certification is preferred (e.g. CISA, CRISC, QSA, etc.)
Industry recognized network or cyber security certification is preferred (e.g. CISSP, CISM, SANS, etc.)

EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Preferred Education: Bachelor's Degree Commissionable: No
Apply Now    
Link for schema

Share this job