Business Analyst - ISO27001, HMG, Togaf/Sabsa

- Evidence of understanding of IT Security, policies, principles and technologies
- Evidence of knowledge of Enterprise Architecture, Security Architecture or Solutions Architecture
- Evidence of understanding of requirements, solutions and architectures
- Evidence of understanding of security analysis

MAIN DUTIES AND RESPONSIBILITIES:

Provide thought leadership on emerging technologies, market trends, industry standards and best practices; Providing technical leadership to the wider architecture team; Responsible for architecture and design governance in line with Product and IT strategy, architectural roadmaps and Quality Policy with accountability for key design decisions; Provide hands-on technical leadership, in the development, operation and ongoing improvement of complex, transformational digital services serving millions of users; Work with product managers to understand user needs for new and existing services; Act as the technical authority in prospective, information gathering and scene setting meetings, evaluate technical proposals from external suppliers, and make implementation recommendations to senior stakeholders; Identify key API requirements for integration with internal and external systems; Lead development of user-driven prototypes to identify technical options and inform architectural approaches, working with colleagues and supplier team members to write tests, code and documentation for new and existing systems; Ensure system architectures are robust, scalable, open and secure, with appropriate overall system design and integration points/APIs, to deliver a high quality user experience.

ADDITIONAL QUALIFICATIONS REQUIRED FOR THIS ROLE

- CISSP
- CISMP
- CESG Certification for IA Professionals

KEY TASKS AND DELIVERABLES

- An understanding of current and emerging IT Security, Policies, principles and technologies
- Knowledge of Enterprise Architecture, Security Architecture or Solutions Architecture
- Experience of risk assessment and management methodologies and tools
- Knowledge of ISO27001, HMG & Departmental information security policies and standards
- Understanding of requirements, solutions and architectures
- Understanding of Security Analysis
- Awareness of industry standard enterprise architecture frameworks such as TOGAF/SABSA.
- Establish Early Systems Development Life Cycle Assessment process to enable early assessment of the security risks/issues/concerns for initiatives.
- Feasibility engagement with business, IT and on innovations to ensure risks/issues are understood at the start of the proposition thereby informing detailed requirements and business cases at the outset
- Develop a library of reusable assessments/patterns that can be used as a reference for new requirements.