Business Analyst - Cyber Security
JOB TITLE: Business Analyst-Cyber Security
JOB LOCATION: Quincy MA
WAGE RANGE*: $75-$80
JOB NUMBER: ITS77-EHS-FY26-BUSANALYST-022 – SECURITY

JOB DESCRIPTION:
This role requires excellent writing and analytical skills, with a focus on documenting security policies, procedures, workflows, and processes. The successful candidate will work closely with members of the EOHHS CISO's Office, IT teams, and agency stakeholders to analyze existing security practices, identify process gaps, and translate informal or undocumented procedures into clear, structured documentation. Strong analytical, communication, and presentation skills are critical, as the role requires gathering information from technical subject matter experts and transforming it into documentation and artifacts that support operational consistency, audit readiness, and strategic decision-making.

The primary work location for this role will be at 100 Hancock Street, Quincy, Massachusetts 02171. The work schedule for this position is Monday through Friday, 8:00AM to 4:00PM EST. This position is expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed. The Security IT Business Analyst is expected to occasionally travel to EOHHS agency area offices or group homes within the Commonwealth of Massachusetts as needed.

DETAILED LIST OF JOB DUTIES AND RESPONSIBILITIES:
policies, standards, procedures, standard operating procedures (SOPs), playbooks, runbooks, workflows, swim lane diagrams, and process guides.
Analyze and document current-state security processes through interviews, observation, and analysis to identify gaps, inefficiencies, risks, and opportunities for improvement.
Support security governance, compliance activities, and audit readiness by ensuring documentation is complete, accurate, and aligned with Commonwealth, federal, and industry security frameworks.
Facilitate collaboration between the EOHHS CISO's Office, IT teams, agency stakeholders, and external partners to ensure security processes are clearly defined, understood, and consistently implemented.
Prepare reports, presentations, process documentation artifacts, and dashboards to track security initiatives and communicate progress to stakeholders and leadership.
Assist in the development of security training, documentation, and communications that will promote adoption of security policies and best practices.
Develop future-state process documentation and operational roadmaps that support improvements in security operations maturity and effectiveness.
Contribute to the planning, tracking, and monitoring of security projects and initiatives to ensure timely delivery and alignment with security strategy and operational priorities.
Manage and document risks, issues, and decisions related to security policies, operational processes, and improvement initiatives within the EOHHS CISO's Office.
Participate in security reviews and assessments and document findings, process gaps, and recommended remediation steps.
Serve as a resource for gathering, analyzing, and documenting requirements for security initiatives, tools, operational processes, and documentation artifacts.
Provide clear, structured, and auditable documentation that supports decision-making, operational consistency, audit response, and process improvement initiatives.
Translate informal or undocumented security practices into repeatable, documented processes that improve operational consistency and accountability.
Perform other related duties as assigned to support the mission of the EOHHS CISO's Office and the continuous improvement of security operations processes.

Preferred Qualifications:
5–8 years of experience in information technology or cybersecurity, with at least 3 years in a business analyst, process analyst, technical writer, security analyst, or related role.
Strong understanding of information security concepts, frameworks, and best practices including:
National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
Center for Internet Security Controls (CIS Controls)
ISO/IEC 27001

Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities

* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations.

Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.