Security Business Analyst
- Country: US
- State: TX
- City: DALLAS
- Category: Technical Specialist
- Required Education: High School Diploma/GED
- Position Type: Professional
- Employment Type: Full-Time
- Contract Type: Regular
- Req ID: 121125BR
Job Description
The Security Business Analyst uses audit process experience, knowledge of operational audit controls and technical skills to support the internal and external goals of the Bluemix Infrastructure division of IBM Cloud. The Security Controls Examiner/Inspector, with limited supervision, will act as the Single Point of Contact (POC) for audit participation requests received by the Cloud SOC. This includes fielding, directing, collecting and responding to audit evidence requests. The Security Business Analyst is also responsible for conducting quarterly reviews of critical controls operated by the Security Operations Center which impact the Bluemix Infrastructure division as a whole. Critical controls, as defined by Security Operations Leadership, are drawn collectively from internal IBM controls, industry standard controls and governmental controls relevant to Bluemix Infrastructure Services.
The Security Business Analyst is responsible for reporting measurements of required controls to the applicable compliance representatives during official testing of those controls, annually or as scheduled. Identifying and tracking any deficits discovered during testing, whether in the quarterly Security Team self-assessment or in official testing for certification, is the responsibility of the Security Controls Examiner/Inspector. Immediate retesting of deficient controls, and scheduled retesting thereafter, are also assigned to the Security Controls Examiner/Inspector.
Key Responsibilities
- Ensures delivery of Security Team governance, risk and compliance objectives for Bluemix Infrastructure division in IBM Cloud
- Serve as single point of contact for assessment activities for the Bluemix IaaS Security Team
- Track multiple potential deficiencies as identified in assessments until resolution is sufficiently demonstrated
- Successfully engage in multiple security governance adherence initiatives simultaneously
- Perform subject matter expert role for audit and compliance requirements of the IBM Bluemix IaaS Cloud SOC and Security Team
- Identify and resolve GRC issues and conflicts within the Security Team
- Develop and deliver progress and remediation reports and presentations as directed by Security Team leadership
- Promote a risk-aware culture, ensure efficient and effective risk and security management practices by adhering to required standards and processes
Required Technical and Professional Expertise
• Minimum two years of governance, risk and compliance related work, preferably for cloud IT or security related business fields
• Experience with Business Process documentation and requirements gathering
• Experience working both independently and in a team oriented, collaborative environment
• Recognize complex problems, analyze situations and provide suggested/implemented resolution(s)
• Ability to interact professionally with a diverse group including executives, managers and subject matter experts
• Ability to apply critical thinking to control and business risk interpretations on behalf of the Security Team and clearly articulate
• Ability to understand concepts related to identifying and assessing cyber risks as applicable to controls frameworks
• Flexibility to conform to shifting priorities through analytical and problem-solving capabilities
• Prioritize work tasks, direct work efforts and facilitate deficiency closures
Preferred Tech and Prof Experience
• Exhibit excellent written and oral communications skills and professionalism
• Understand and work effectively in a complex, matrixed environment
• Proficient in MS Office products
Education:
• Associate’s Degree or College Diploma is required
• BS in Business, Computer Science, Engineering, or related field is preferred
Certifications:
• Industry recognized audit and assessment certification is preferred (e.g. CISA, CRISC, QSA, etc.)
• Industry recognized network or cyber security certification is preferred (e.g. CISSP, CISM, SANS, etc.)
EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Preferred Education:
Bachelor's Degree
Commissionable:
No