Information Security takes a proactive approach to protecting EY’s brand through robust technical security controls, a clearly defined security strategy and ongoing compliance and incident management programs designed to detect and protect against increasingly sophisticated threats against the organization.

You will work with technologists and business specialists to meet the increasing pace of our business. That means more growth for you, exciting learning opportunities, career choices, and the chance to make a real impact.

The opportunity

The Senior Security Business Analyst role within the Enterprise Security Program is essential for supporting security initiatives by ensuring that business and security requirements are accurately captured, documented, communicated, and managed. The role partners with project stakeholders and Information Security Services to evaluate needs, propose solutions, and facilitate agreement on implementation. As a subject matter expert, the Senior Security Business Analyst provides actionable insights that enable effective decision‑making and risk mitigation.

As a member of the Information Security Service Delivery team, the Senior Security Business Analyst role successfully and efficiently drives business process improvement via the methodical investigation, analysis, review and documentation of all or part of a business in terms of business functions and processes.

Your key responsibilities

Elicitation, analyzing, documenting, and managing business and security requirements for complex projects within the Enterprise Security Program.
Collaboration with business, security, technical, and project management stakeholders to ensure requirements are clear, feasible, and aligned with organizational objectives.
Partnering with Security Quality Assurance staff to validate and test security solutions to confirm they meet documented requirements.
Tracing requirements to the corresponding code, policy, confirmation, or other implementation artifacts, as well as to the test cases that validate them.
Contributing to continuous improvement of security business analysis processes and tools as a subject matter expert both in terms of business analysis and the security domain.
Sharing of knowledge and best practices with peers to support team effectiveness.

Skills and attributes for success

To be successful in this role, candidates should possess the following core skills:

Strong ability to communicate fluently in English and adapt communications to various audiences, including Executives, Sponsors, Management, overall organization and project teams – includes verbal, written and presentation skills
Breakdown barriers of delivery with well thought out challenges and escalations, if necessary
Personal accountability to adhere and comply of all required business analyst deliverables and requirements
Ability to collaborate across functional teams, cultures and geographies and to build trust virtually
Strong working knowledge or experience with Identity and Access Management
Track record of customer focus that is based on openness, trust, and delivering on promises
Extensive experience writing and reviewing business, user, and non-functional/system level requirements
Highly adept at obtaining alignment and approval of business requirements (functional and supplemental) from user community
Extensive experience in selecting and executing elicitation techniques such as Interviews, Exploratory Prototypes, Facilitated Workshops, Focus Groups, Observation, User Task Analysis, Documentation Study and Surveys and overall Process Re-engineering
Development and deployment of formal business analysis methods and tools to govern and control programs
Solid understanding of the following requirements models: Stakeholder Categories, Actor Tables, Glossary, Context Diagram, Data Model, Class Model, Data Dictionary, Event Response Tables, State Diagrams, Business Rules, Decision Tables, Process Maps, Use Cases, and Activity Diagrams
Leader in the use of IT methodologies, processes and standards for business analysis

Desired qualifications

Preferably 8–10 years’ experience in business analysis within the information security domain for large, geographically diverse programs.
Strong expertise in security technologies (cloud, network, perimeter, messaging, endpoint, and data security).
Proficiency in requirements management methodologies and tools.
Advanced communication and stakeholder engagement skills.
Relevant certifications (e.g., CISSP, CISM, CBAP) are highly desirable.

About EY

As a global leader in assurance, tax, transaction, and advisory services, we’re using the finance products, expertise, and systems we’ve developed to build a better working world. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Apply now

See more open positions at EY

Privacy policy Cookie policy

Our Mission

Our History

Our Team

Our Board of Trustees

Board of Trustees Student Nominations

Audited Financials

Careers

Mentorship

Apprenticeship Pathway Program

Talent Network

Founders

Membership

Lifetime Membership

Responsible AI Certification (RAIC)

Apprenticeship Pathway Program Apprentice

Apprenticeship Pathway Program Industry Partners

NEXT

Tech Collabs

GHC

Donate

Recurring Donate

Sponsors & Partner Opportunities

Membership Sponsorship

Our Communities

Systers

Gift Membership

Case Studies & White Papers

Technical Equity Experience Study (TechEES)

Impact Reports

Visual Impact Report

Top Companies

Pass It On Awards

AnitaB.org Tech Journey Scholarship

Our Resources

Blog

Podcast

Become a Member

AnitaB.org Talent Network

Information Senior Security Business Analyst