Business Analyst - Cyber

Business Analyst - Cyber Security

• Annual Salary: £45,084 to £55,435 per annum experience dependent + 12.5% employer pension + private medical insurance
• Location: Bristol - with parking
• Job Type: Full-time

We are seeking an experienced Business Analyst with a strong understanding of Secure by Design principles, ideally aligned with UK government cyber security frameworks. This role is crucial for integrating business needs with cyber security requirements to ensure that services are designed, built, and maintained with security from the outset.

Day-to-day of the role:

• Elicit and document business and functional requirements with Embedded security and privacy considerations.
• Produce security-aware artefacts, including Business Requirements Documents (BRDs), Functional Specifications, Threat Modelling inputs, Risk Assessment reports, and Security Requirements Traceability Matrix (SRTM).
• Support the identification and documentation of service assets, data flows, and access controls.
• Contribute to security risk assessments, Data Protection Impact Assessments (DPIAs), and asset classification activities.
• Facilitate workshops with security, compliance, and technical stakeholders to capture security obligations.
• Ensure traceability from security requirements through to test validation and service go-live.
• Support the secure onboarding and retirement of service components, aligned with UK government guidance.

Required Skills & Qualifications:

• 3-5 years of experience as a Business Analyst in secure or regulated environments.
• Demonstrable experience working on security-critical, compliance-driven, or government-led programmes is ideal but not essential.
• Strong knowledge in designing operational processes and service transition.
• Familiarity with Secure by Design principles, NCSC guidelines, Cyber Essentials, ISO 27001, UK GDPR, and Data Protection Act is preferred.
• Proficient in requirements gathering, stakeholder analysis, and documentation.
• Ability to produce and manage artefacts like process maps (BPMN, flowcharts), risk logs, SRTMs, DPIAs, data flow diagrams, and access control matrices.
• Skilled in generating diagrammatical representations in common software packages.

If you are interested in this positon please apply online or for more information please contact me on