Job Description

We are recruiting on behalf of our client within the Technology and Security industry for Security Analyst to work on site representing ij.

An analyst is required to join our team delivering the security programme in support of IT Separation at a major UK retailer. The Security Analyst will work alongside a programme lead, security strategist and solution architect to analyse as-is security models & systems, capture and document business and technical requirements for security and carry out SDA (Security Design Authority) analysis on technical designs and business change designs.



  • Business analysis experience
  • Experience in a security context in at least one security domain, eg IAM, N/W security, Data Security, Fraud, Risk & Compliance
  • Knowledge of both agile & waterfall delivery models
  • Excellent written & verbal comms skills
  • Ideally some experience of having worked within the retail sector


  • Security Requirements Specification (*.doc) Baselined and managed under change control, tracks the business requirements against evolving delivery. Aligned with RACI and Benefits Realisation
  • Security Process and Business Operating Model Analysis (*.doc) Individual analyses of as-is / to-be business operating model (BOM) and supporting business processes necessary for the implementation of the projects or programme
  • Business Change Security Impact Assessment (*.doc) Provided against specific changes, deliveries or systems. Assesses the changes in business operating model, resourcing, cost/benefit model and business processes. Supported by inputs from business analysis function.
  • Security Risk Register & RAIDD mapping & tracking (*.xls) Risks categorised against security framework. Proactive risk management and on-going mitigation and risk management analysis.
  • Requirements Analysis & Technical Options (*.doc) Analysis of business and technical requirements to understand the feasibility of delivering a solution and the assessment of the most appropriate solution where alternatives exist – this will be consistent with target architecture and architectural guidelines. Includes VRoM cost and duration analysis

Inputs to:

  • Security Governance Model (*.doc; *.ppt) Lays out the approach to governance, organisational model, and terms of reference. Identifies key governance processes and provides templates
  • RACI, Stakeholder Mapping & Communications plan (*.xls; *.mpp; *.ppt) Including management of business / technology engagement strategy, rhythm and format necessary to support Agile delivery process where necessary. Communications plan covers
    • Who: RACI and audience segmentation plan against programme life-stage
    • What: Key Messages by audience
    • When: Programme Communications Plan
    • How: Open channels at portfolio level (eg monthly comms, all hands events), specific channels for particular comms at particular times.
    • Why: What is the call to action if any?
  • Security Training Needs Analysis (*.doc) This document defines the training needs for different user groups and is aligned with the deployment strategy & plan. The analysis covers training requirements per user group, medium (eg online, in person), source of training materials and timing in relation to deployment and usage type.
  • Security Ticket Handling (*.xls) Where security input is required for Service Operations ticket handling, then this template provides for security evaluation or actions that may arise has output both to SOC and to Service Operations
  • Analysis of current status and documentation (*.ppt) Assesses the current status of existing architecture vs target architecture for the domain and understand current strategy, business and technical requirements - Evaluation of current documentation and identification of any gaps
  • Security Impact Assessment (*.doc) Impact assessment of technical requirements to identify specific changes to existing architecture and to provide VROM estimates. This may identify a number of steps that are required to achieve the final solution that complies with the target architecture and technical roadmap which will need to be prioritised in conjunction with the project team.

inglis jane are digital delivery experts. Since 2001 our community of outcome-focused professio

Save Job