Security Business Analyst

Security Business Analyst
Remote (UK-based)
Competitive daily rate, Outside IR35
6 months with chance of extension

Why Apply?
This is a unique opportunity to contribute to a large-scale uplift of security posture across a global organisation operating at enterprise scale. Following a refresh of security policies aligned to NIST CSF v2.0, the company requires a strong Security Business Analyst to carry out a broad review of systems, infrastructure, and applications. This role will focus on identifying legacy security issues, performing gap analysis, and assessing how fit-for-purpose existing security controls are under the updated standards.

Key Responsibilities

• Perform end-to-end security control assessments across infrastructure, enterprise applications, SaaS platforms, and bespoke systems.
• Review current ("as-is") environments and conduct gap analyses against the organisation's new security control framework based on NIST CSF v2.0.
• Identify weaknesses or outdated practices and define clear, actionable remediation plans in partnership with other teams.
• Dig into legacy security issues and help shape the future state of security posture.
• Work across a wide stack including AWS, GitHub Enterprise, Slack, Zoom, Atlassian, and SaaS tools like Workday, Workiva, and EquatePlus.
• Partner with internal stakeholders to ensure compliance and drive down organisational risk.

• Proven experience in security auditing and assessment across a broad range of technologies.
• Strong working knowledge of cloud platforms, enterprise infrastructure, and SaaS environments.
• Ability to dig into security controls and evaluate them against formal security frameworks.
• Experience conducting risk assessments, performing gap analysis, and recommending mitigations.
• Confident working with technical and non-technical stakeholders to influence remediation strategies.
• Desirable exposure to tools such as Splunk, Crowdstrike, AWS, Kubernetes, or MITRE ATT&CK.