Business Analyst

We are seeking a highly organized, analytical, and collaborative Business Analyst to support the development, standardization, and continuous improvement of our Cybersecurity Control Domain monthly one pagers and related governance reporting.

In this role, you will work closely with the Technical Writer (Editor in Chief), domain SMEs, and cybersecurity leadership to ensure that source data, metrics, inputs, and evidence are accurate, timely, and aligned to reporting standards. You will translate domain information, performance indicators, and control insights into structured business inputs that enable the Technical Writer to produce high quality executive-facing content. You will drive the consolidated risk reporting.

This position is ideal for someone who thrives at the intersection of data, process, governance, and communication, and enjoys enabling clarity in complex environments.

• Data & Reporting Support
• Collect, validate, and structure monthly data inputs from cybersecurity domain owners for control performance, maturity, and risk posture.
• Ensure all metrics, KRIs/KPIs, and narrative inputs meet quality, completeness, and accuracy standards before handoff to the Technical Writer.
• Perform data checks, identify anomalies or gaps, and follow up with domain SMEs to resolve inconsistencies.
• Process Coordination & Governance
• Manage the monthly reporting workflow in partnership with the Technical Writer, including input requests, reminders, deadlines, and sign off checkpoints.
• Maintain and continuously refine the operating rhythm, ensuring predictability and efficiency for all contributors.
• Support version control, documentation tracking, and repository management to ensure all inputs and artifacts are up to date and audit-ready.
• Content Readiness & Business Alignment
• Translate complex domain updates into structured, business friendly summaries for use by the Technical Writer.
• Ensure domain inputs align to: Standard templates, Control taxonomy, Reporting definitions, Strategic themes communicated by leadership
• Review domain submissions for clarity, consistency, and logical coherence before editorial refinement begins.
• Stakeholder Engagement
• Build strong relationships with cybersecurity SMEs, control domain owners, and program managers across the organization.
• Clarify requirements, resolve ambiguities, and ensure contributors understand expectations for monthly deliverables.
• Act as a liaison between domain experts and the Technical Writer to streamline communication and reduce re work.
• Continuous Improvement
• Identify opportunities to optimize the reporting process, templates, definitions, and data workflows.
• Contribute to enhancements of style guides, reporting standards, and submission guidance alongside the Technical Writer.
• Support the implementation of tools or automation that improve tracking, consistency, and reporting efficiency.

Required

• 7+ years of experience as a Business Analyst, Reporting Analyst, Program Analyst, or similar role.
• Strong skills in requirements gathering, process documentation, workflow management, and stakeholder coordination.
• Ability to interpret technical or operational data and translate it into structured, meaningful business information.
• Excellent organizational skills with the ability to manage multiple concurrent inputs, deadlines, and stakeholders.
• Proficiency in Excel, PowerPoint, and reporting/documentation tools.

Nice to Have

• Experience working in cybersecurity, technology risk, governance, or audit environments.
• Familiarity with control frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
• Exposure to executive or leadership reporting.

• Highly structured, organized, and disciplined with timelines
• Strong critical thinking and problem-solving abilities
• Comfortable navigating ambiguity and incomplete information
• Excellent communicator who can bridge business, technical, and editorial workflows
• Proactive, collaborative, and committed to high quality output

• A central position in a high visibility, global cybersecurity reporting program
• The opportunity to shape and strengthen how the organization communicates maturity and risk
• Close collaboration with cybersecurity leaders, SMEs, and the Editor in Chief
• A blend of analytical work, process management, and stakeholder engagement