Business Analyst (Information Security)

Business Analyst (Information Security) - Up to £55k - New Role (REF05)

Bristol-based.

Keywords: Business Analyst, IT, Cyber Security, Information Security.

A leading organisation in the Bristol area requires a Business Analyst to join its growing delivery function. Suitable candidates will have a good understanding of cyber security/cyber security frameworks and will play a key role in delivering risk‑informed business analysis while ensuring security is embedded throughout the delivery lifecycle.

• Elicit and document business and functional requirements with security and privacy considerations.
• Produce security‑aware artefacts including Business Requirements Documents (BRDs), Functional Specifications, Threat Modelling inputs, Risk Assessment reports, Security Requirements Traceability Matrix (SRTM).
• Contribute to security risk assessments, DPIAs, and asset classification activities.
• Facilitate workshops with security, compliance, and technical stakeholders to capture security obligations.
• Ensure traceability from security requirements through to test validation and service go‑live.
• Support the secure onboarding and retirement of service components, aligned with UK government guidance.

• Strong business analysis experience in a secure and/or regulated environment.
• Proficient in requirements gathering, stakeholder analysis, and documentation.
• Demonstratable experience in designing operational processes.
• Knowledge of service transition.
• Familiarity with any of the following would be useful: Secure by Design principles, NCSC guidelines, Cyber Essentials or ISO 27001, UK GDPR and Data Protection Act.

Please send CV for full job description and an informal chat. Excellent opportunity to join a market leader!