Business Analyst - Information Security & Risk Compliance
Location: Bengaluru
Experience Range: 6 to 8 Years
Job Type: Full-Time
Role Proficiency
Analyze and understand the business needs of clients and recommend secure, compliant, and risk-aware solutions. Perform complex business analysis tasks with limited support, especially in the domains of risk management and information security. Collaborate effectively with stakeholders to ensure project requirements are aligned with risk control objectives.
Key Responsibilities
Business Analysis & Stakeholder Engagement
Understand and define complex business requirements and align them with security and compliance goals.
Lead elicitation sessions, facilitate stakeholder collaboration, and validate requirements.
Design, define, document, and communicate software and non-functional requirements.
Develop and maintain BA artefacts and reusable methodologies.
Proactively manage stakeholder relationships and ensure consensus on deliverables.
Mentor junior Business Analysts and support business development initiatives where needed.
Risk, Security & Compliance
Conduct Business Impact Analysis (BIA) and risk assessments for third-party applications, vendors, and systems.
Identify and communicate information security risks and compensating controls.
Review vendor/third-party contracts for alignment with internal policies and regulatory frameworks.
Conduct internal audits to assess compliance with organizational security policies and ISO standards.
Prepare risk reports and provide mitigation recommendations.
Solution Evaluation & Change Control
Recommend appropriate solutions using a combination of metrics and strategic analysis.
Ensure traceability, impact assessment, and version control of all requirement changes.
Support solution evaluations with measurable KPIs and stakeholder-aligned metrics.
Process & Artefact Management
Own project documentation, templates, and process flows.
Drive the adoption of tools, templates, and processes across project teams.
Use BA tools to model workflows, use cases, current/future state diagrams, and user stories.
Must Have Skills
Business Analysis in Information Security Domain
Risk Management and Operational Risk Assessment
Compliance & Risk Control
ISO 27001 Auditing / Lead Implementation
Cybersecurity Frameworks: NIST CSF, ISO 27001
BIA and Risk Assessments for Third Parties
Stakeholder Communication (Technical & Non-Technical)
Knowledge of contractual review in security context
Exposure to Agile, Scrum, or other SDLC methodologies
Familiarity with Data Privacy Regulations (e.g., GDPR)
Cross-functional collaboration with distributed teams
Education Qualification
B.E. / B.Tech. / MCA / MBA with specialization in Information Security
Certifications (Mandatory)
ISO 27001 Lead Auditor or Lead Implementer
CRISC (Certified in Risk and Information Systems Control) - Preferred
Measures of Success
Direct contribution to business value through secure and compliant solutions
Quality and traceability of requirements and documentation
Effectiveness of stakeholder collaboration and risk communication
Adoption of BA tools and frameworks across teams
Feedback from senior stakeholders and auditors
Outputs Expected
Risk-aware business requirements and artefacts
Timely communication and decision support documents
Risk reports, control recommendations, and audit findings
BA templates and reusable assets
Mentorship of junior analysts and support for leadership
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact--touching billions of lives in the process.