Business Analyst - Security Hub

• The Business Analyst (BA) serves as the primary liaison between business stakeholders, security teams, architects, and engineering teams throughout the Security Hub program. The BA is responsible for gathering, documenting, analyzing, and validating business, operational, compliance, and reporting requirements while ensuring alignment with Client's security, governance, and Data Private Cloud (DPC) objectives.
• The Business Analyst will support the definition of security controls, workflows, reporting requirements, integrations, and operational processes required to establish Security Hub as the authoritative system of record for security findings and compliance evidence.

• Facilitate requirements gathering workshops with business, security, risk, compliance, and technology stakeholders.
• Document functional and non-functional requirements.
• Develop business requirements documents (BRDs), functional specifications, and user stories.
• Manage requirements traceability throughout the project lifecycle.
• Validate requirements against business objectives and regulatory expectations.

• Analyze current-state security operations, governance, and reporting processes.
• Identify gaps, inefficiencies, and opportunities for automation.
• Define future-state workflows supporting Security Hub operations.
• Support development of remediation, escalation, approval, and exception management processes

• Document business requirements supporting approximately 60 security controls across multiple domains.
• Assist with mapping business requirements to technical controls.
• Support compliance reporting and evidence-generation requirements.
• Ensure traceability between controls, workflows, reporting, and operational procedures.

• Coordinate stakeholder interviews, workshops, and review sessions.
• Facilitate alignment between business users, architects, and engineering teams.
• Support decision-making processes through documentation and analysis.
• Communicate project status, risks, and dependencies to stakeholders.

• Gather and document reporting, KPI, dashboard, and executive scorecard requirements.
• Define operational reporting and compliance reporting needs.
• Support development of audit-ready reporting and evidence-generation capabilities.
• Validate reporting outputs against stakeholder expectations.

• Document business requirements supporting platform integrations and workflow orchestration.
• Define data ownership, data lineage, and business process requirements.
• Support definition of Security Hub system-of-record requirements.
• Assist with data validation and user acceptance testing activities.

• Develop user acceptance testing (UAT) scenarios and test cases.
• Coordinate UAT activities with business stakeholders.
• Validate delivered functionality against documented requirements.
• Support defect triage and issue resolution.

• Support development of training materials and user documentation.
• Assist with knowledge transfer and operational readiness activities.
• Support organizational adoption of new Security Hub processes and capabilities.
• Participate in production readiness and hypercare activities.

• 7+ years of business analysis experience supporting technology or cybersecurity initiatives.
• Experience gathering and documenting requirements for large-scale enterprise projects.
• Experience working with business, technology, and security stakeholders.
• Experience supporting Agile delivery methodologies.

• Requirements Gathering & Analysis
• Process Mapping & Workflow Design
• User Story Development
• Requirements Traceability
• Gap Analysis
• Stakeholder Management
• Workshop Facilitation
• Documentation & Reporting
• Security & Compliance Knowledge
• Security Operations Concepts
• Security Controls & Governance
• Risk Management
• Audit & Compliance Processes
• Identity & Access Management Concepts
• Security Monitoring & Reporting

• Jira / Azure DevOps
• Confluence
• Microsoft Office Suite
• Visio / Lucidchart
• Reporting and Dashboard Tools

• Experience supporting cybersecurity, security operations, IAM, SIEM, SOAR, CNAPP, CSPM, or governance initiatives.
• Experience working within financial services organizations.
• Knowledge of NIST, CIS, ISO 27001, or similar security frameworks.
• Experience supporting OpenShift, cloud security, or platform modernization initiatives.
• Experience supporting regulatory, audit, or compliance programs.

• Business Requirements Documents (BRDs)
• Functional Requirements Specifications
• User Stories and Acceptance Criteria
• Process Flows and Workflow Diagrams
• Requirements Traceability Matrix
• Control Mapping Documentation
• Dashboard & Reporting Requirements
• UAT Plans and Test Cases
• Training Materials and User Guides
• Operational Readiness Documentation
• Success Measures
• Complete and accurate requirements documentation
• Successful alignment of business and technical stakeholders
• Traceability between requirements, controls, and delivered functionality
• Successful completion of UAT and stakeholder acceptance
• Delivery of audit-ready reporting and compliance requirements
• Smooth transition to production and operational adoption
• Minimal rework due to unclear or incomplete requirements

businessexcellence@aptask.com

About ApTask:
ApTask is a leading global provider of workforce solutions and talent acquisition services, dedicated to shaping the future of work. As an African American-owned and Veteran-owned company, ApTask offers a comprehensive suite of services, including staffing and recruitment solutions, managed services, IT consulting, and project management. With a focus on excellence, collaboration, and innovation, ApTask provides unparalleled opportunities for professional growth and development. As a member of the ApTask team, you will have the chance to connect businesses with top-tier professionals, optimize workforce performance, and drive success across diverse industries. Join us at ApTask and be part of our mission to empower organizations to thrive while fostering a diverse and inclusive work environment.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.

Candidate Data Collection Disclaimer:
At ApTask, we prioritize safeguarding your privacy. As part of our recruitment process, certain Personally Identifiable Information (PII) may be requested by our clients for verification and application purposes. Rest assured, we strictly adhere to confidentiality standards and comply with all relevant data protection laws. Please note that we only collect the necessary information as specified by each client and do not request sensitive details during the initial stages of recruitment.

If you have any concerns or queries about your personal information, please feel free to contact our compliance team at

businessexcellence@aptask.com