Security Business Analyst

Elysium Healthcare is an established, stable, and agile company with over 8,000 employees and a unique approach to the delivery of care. As the Security Business Analyst, you will play a vital role in translating risk, regulatory, and technical requirements into actionable delivery documentation, ensuring that security expectations are consistently embedded into project outcomes.

As the Security Business Analyst, you will support the structured planning, coordination, and delivery of cyber security initiatives across the organisation. Working as a central link between security governance, IT delivery, and business stakeholders, you will ensure that security requirements are clearly defined, scoped, and delivered in a traceable, auditable way. You will contribute to project governance reporting, stakeholder engagement, and ongoing documentation of risk treatments or security decisions.

Elysium Healthcare is part of Ramsay Health Care, a global network that extends across 10 countries and employs over 86,000 people globally. The company has a network of over 90 services across England and Wales covering Mental Health, Neurological, Learning Disabilities & Autism, Children & Education, providing opportunities for growth and development.

Do you have experience working as a Business Analyst on security, infrastructure or compliance related projects? If so, join Elysium Healthcare as the Security Business Analyst.

As the Security Business Analyst, you will support the structured planning, coordination, and delivery of cyber security initiatives across the organisation. Working as a central link between security governance, IT delivery, and business stakeholders, you will ensure that security requirements are clearly defined, scoped, and delivered in a traceable, auditable way.

You will play a vital role in translating risk, regulatory, and technical requirements into actionable delivery documentation. This includes supporting internal improvement programmes (e.g. PAM, MFA, hardening) and external partner-led projects. You will act as a central coordination point across multiple stakeholders — ensuring security expectations are consistently embedded into project outcomes.

In addition to delivery support, the role contributes to project governance packs, assurance reporting, stakeholder engagement, and ongoing documentation of risk treatments or security decisions. You will help maintain delivery continuity and control alignment across change activities.

As a Security Business Analyst, you will be:

• Leading the capture and documentation of cyber security and compliance requirements
• Translating regulatory and risk drivers into clear scope statements and delivery artefacts
• Producing and maintaining project documentation (e.g. RAID logs, traceability matrices, solution briefs)
• Coordinating across internal teams and external delivery partners to align expectations and scope
• Tracking delivery of security requirements through to implementation and ensure traceability to business and risk objectives
• Contributing to project governance reporting, stakeholder packs, and audit-ready evidence
• Maintaining delivery continuity across multiple projects or vendors through structured handovers and knowledge transfer
• Supporting alignment with control frameworks (e.g. NIST CSF, DSPT, CE+, ISO 27001)

To be successful in this role, you will have:

• Experience working as a Business Analyst on security, infrastructure, or compliance-related projects
• Demonstrated ability to structure and trace complex requirements through to delivery
• Experience managing delivery dependencies and documentation across multiple stakeholders or vendors
• Exposure to risk-driven and audit-sensitive project environments
• (Desirable) Experience supporting NHS DSPT, CE+, or ISO 27001 projects
• (Desirable) Experience with delivery involving external suppliers, system integrators, or managed services
• Strong knowledge of business analysis techniques (e.g. process modelling, gap analysis, stakeholder mapping)
• Ability to translate risk, compliance, and technical requirements into structured documentation
• Familiarity with project governance artefacts such as business cases, RAID logs, traceability matrices, and solution design packs
• Understanding of cyber security control frameworks (e.g. NIST CSF, ISO 27001, DSPT, CE+)
• Skilled in managing requirements across waterfall, agile, or hybrid delivery model
• Strong stakeholder management, communication, and facilitation skills
• High attention to detail when producing audit-ready documentation
• (Desirable) Familiarity with tooling such as PAM, MFA, EDR, or vulnerability management from a process or requirements perspective

What you will get:

• A competitive annual salary
• The equivalent of 33 days annual leave Pro Rata (inc Bank Holidays) – plus your birthday off!
• Free meals and parking
• Wellbeing support and activities to help you maintain a great work-life balance.
• 24 hour GP Service to ensure you are the best you can be
• Career development and trainingto help youachieve your career goals.
• Pension contribution to secure your future.
• Life Assurance for added peace of mind.
• Enhanced Maternity Packageso you can truly enjoy this special time.

There is also a range of other benefits including retail discounts, special offers and much more.

About your next employer:

You will be working for an established, stable and agile company with over 8,000 employees and a unique approach to the delivery of care. With a network of over 90 services across England and Wales covering Mental Health, Neurological, Learning Disabilities & Autism, Children & Education, there is opportunity for you to grow and move.

Elysium Healthcare is part of Ramsay Health Care with a global network that extends across 10 countries and employs over 86,000 people globally.

Elysium Healthcare follows safer recruitment of staff for all appointments and is a Disability Confident employer, committed to inclusive and accessible recruitment. It is a requirement that all staff understand it is each person’s individual responsibility to promote and safeguard the welfare of service users. All candidates will be subject to a DBS disclosure.

• Experience working as a Business Analyst on security, infrastructure, or compliance-related projects, demonstrated ability to structure and trace complex requirements, experience managing delivery dependencies and documentation across multiple stakeholders or vendors, exposure to risk-driven and audit-sensitive project environments, strong knowledge of business analysis techniques, and understanding of cyber security control frameworks.

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Depending on experienceSalary expectations will be discussed at interview stage.