This role is the primary driver of client-facing IT assessments at EXOS, responsible for leading discovery engagements, evaluating client environments against best practices, and producing clear, actionable assessment deliverables that inform technology roadmaps and service recommendations. The Business Analyst owns the assessment lifecycle from scoping and discovery through analysis and final report delivery, working closely with technical engineers and internal stakeholders to translate findings into meaningful business outcomes for clients.
Key Responsibilities
1) Assessment Delivery (Primary)
Lead and manage the full lifecycle of client IT assessments, from initial scoping and kickoff through data collection, analysis, and final report delivery.
Conduct structured discovery sessions with client stakeholders to understand their current environment, business objectives, pain points, and risk tolerance.
Coordinate with EXOS technical engineers to gather environment data and validate findings across key assessment domains, including:
Infrastructure & endpoint health
Security posture and vulnerability exposure
Identity and access management
Backup and disaster recovery readiness
Patch compliance and update management
Cloud and M365 configuration and hygiene
Analyze collected data to identify gaps, risks, and opportunities, and develop prioritized findings with clear remediation recommendations.
Produce polished, client-ready assessment reports and executive summaries that communicate technical findings in business terms.
Present assessment findings to client stakeholders and internal teams, facilitating discussion around priorities and next steps.
2) Assessment Methodology & Standards (Co-Primary)
Develop, maintain, and continuously improve EXOS assessment frameworks, templates, and scoring rubrics to ensure consistency and quality across all engagements.
Build and refine standardized data collection tools, questionnaires, and discovery checklists aligned to industry frameworks (e.g., CIS Controls, NIST, ISO 27001).
Establish repeatable processes for assessment scoping, scheduling, data gathering, and report production that scale across the volume of client engagements.
Identify opportunities to leverage automation and tooling (RMM data exports, configuration audits, etc.) to accelerate and improve assessment accuracy.
Document methodology updates and maintain an internal knowledge base of assessment standards, benchmarks, and best practice references.
3) Findings Analysis & Roadmap Development
Synthesize technical findings into prioritized risk registers and technology roadmaps that give clients a clear picture of where to focus investment and effort.
Map identified gaps to potential EXOS service offerings or project engagements, supporting the sales and CSM teams with scoped recommendations.
Apply consistent risk scoring and prioritization methodology across findings to ensure clients receive objective, defensible guidance.
Track recurring themes and common findings across assessments to inform service offering development and internal knowledge sharing.
4) Stakeholder Engagement & Communication
Serve as the primary client-facing point of contact throughout the assessment engagement, managing timelines, expectations, and communication.
Facilitate discovery workshops, interviews, and walkthroughs with both technical and non-technical client stakeholders.
Collaborate closely with EXOS engineers, sales, and CSM teams to align assessment scope, findings, and recommendations with broader client relationships.
Deliver findings presentations that are clear, credible, and tailored to the audience ? from IT staff to executive leadership.
5) Continuous Improvement & Internal Enablement
Contribute to building EXOS's assessment practice by documenting lessons learned, refining deliverable quality, and sharing insights across the team.
Support pre-sales efforts by assisting with scoping conversations, assessment proposals, and articulating the value of assessment engagements to prospective clients.
Stay current on evolving IT and cybersecurity best practices, threat landscapes, and compliance requirements relevant to the SMB and mid-market space.
Provide internal feedback loops to engineering and service delivery teams based on recurring assessment findings that signal systemic gaps in managed environments
Qualifications
Education: Bachelor's degree in business administration, Information Systems, Cybersecurity, or a related field (or equivalent work experience).
Experience: 3+ years in a Business Analyst, IT Consultant, vCISO, or assessment-focused role within a technology services, MSP, or IT consulting environment.
Technical Skills:
IT Assessment & Audit:
Demonstrated experience conducting IT or cybersecurity assessments, audits, or gap analyses across client environments.
Familiarity with common assessment frameworks including CIS Controls, NIST CSF, ISO 27001, or SOC 2.
Ability to evaluate environments across security, infrastructure, identity, backup/DR, patching, and cloud hygiene domains.
Report Writing & Deliverable Production:
Strong ability to produce polished, client-ready reports, executive summaries, and risk registers from technical findings.
Experience translating complex technical data into clear business language for non-technical stakeholders.
Proficiency in Microsoft Word, PowerPoint, and Excel for deliverable creation and data presentation.
MSP & IT Platform Familiarity:
Working knowledge of common MSP and IT tooling (RMM, PSA, documentation platforms) and the data they surface.
Familiarity with Microsoft 365, Azure AD/Entra ID, endpoint management, and network security concepts relevant to SMB environments.
Data Analysis:
Comfortable working with exported data sets from IT platforms to identify trends, gaps, and risk indicators.
Experience with Excel, Power BI, or similar tools for analysis and visualization of assessment findings.
Soft Skills:
Exceptional written and verbal communication skills, with the ability to translate complex technical findings into clear business language.
Strong analytical and critical thinking skills, with a structured approach to risk evaluation and prioritization.
Confident and polished presenter ? comfortable delivering findings to both technical teams and executive stakeholders.
Proven ability to manage multiple concurrent assessment engagements and meet delivery deadlines.
Self-directed and detail-oriented, with a commitment to producing accurate, high-quality client deliverables.
Certifications (Preferred but not required):
CompTIA Security+ or CySA+
CISA (Certified Information Systems Auditor)
NIST CSF or CIS Controls practitioner training
ITIL Foundation certification
Microsoft 365 or Azure fundamentals certification