Business Analyst - Cybersecurity
Atlantic Lottery
We, Atlantic Lottery (AL), are looking for a Business Analyst (known internally as NIST Specialist) specializing in the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to join our Moncton team. We understand that few candidates may have the NIST certification, but we are committed to supporting and upskilling the right candidate for this new role. As a Business Analyst, you will be responsible for gathering, analyzing, and documenting business requirements related to the implementation of the NIST Cybersecurity Framework (NIST-CSF). This role involves close collaboration with both technical and non-technical stakeholders to identify gaps in our cybersecurity posture and align the organization with NIST-CSF v2 standards.
This role is ideal for someone with a strong understanding of business analysis practices. You will thrive on translating business needs into actionable initiatives, ensuring that our NIST efforts meet compliance standards and enhance overall security maturity.
Closing Date: Posting will remain open until filled.
Reporting to: Director, Cybersecurity
Salary Band: $71,652 - $113,450. A reasonable estimate of the pay range for this role is $75,000 - $90,000 at the time of this posting. (Individual pay is determined by factors such as job-related skills, market conditions, relevant experience, education, training and internal equity).
Work Location: Office or Hybrid (2-3 days/week in Moncton office)
QualificationsEducation and Experience:
- Minimum of 3-5 years of experience as a Business Analyst, with at least 2 years working on cybersecurity or IT compliance projects.
- Bachelor's degree in Information Technology, Business Administration, Cybersecurity, or related field (or equivalent experience).
- Experience working with the NIST Cybersecurity Framework (NIST-CSF) is preferred.
- Familiarity with other cybersecurity frameworks and standards (e.g., ISO 27001, PIPEDA, SOC 2) is a plus.
Professional Skills:
- Analytical and Problem-Solving: Strong analytical and problem-solving skills, with the ability to identify business needs and cybersecurity requirements.
- Communication: Strong communication skills (written and verbal) and ability to interact effectively with both technical and non-technical stakeholders.
- Translation of Technical Information: Ability to translate complex technical information into business-friendly terms.
- Business Analysis Methodologies: Proficient in business analysis methodologies (e.g., BPMN, UML, Agile).
- Detail-Oriented: Meticulous in documenting and ensuring that all requirements, processes, and solutions are accurately captured and aligned with NIST-CSF standards.
- Collaboration: Strong teamwork skills, with the ability to work across departments and communicate effectively with technical teams.
- Adaptability: Comfortable working in a fast-paced, evolving environment, and capable of managing multiple priorities effectively.
- Proactive: Self-starter with the ability to identify issues and take initiative to address them.
Assets:
- Certified Business Analysis Professional (CBAP) or similar business analysis certification.
- While NIST Cybersecurity Framework (NIST-CSF) is desired for this role, we are open to candidates who do not yet have it, with the understanding that the organization will provide support for obtaining the certification as part of their growth in this position.
- Other relevant certifications such as, CISA, or CISM would be beneficial.
AL Benefits:
- Extended health coverage that includes medical, dental, and vision.
- Basic life insurance and disability.
- Defined Benefit Pension Plan.
- Three weeks of vacation annually (pro-rated) and 13 paid statutory holidays. Plus, we have a vacation purchasing program.
- Flexible Workplace Arrangements (Hybrid or Office)
- Wellness Support: Wellness programs focused on physical and nutritional health (and more), 3 paid personal care days and a 24/7 Employee & Family Assistance Program.
- Two volunteer days per year.
- Career advancement opportunities.
Recruitment Process: The last couple of years has accelerated change across our workplace, including our hiring practices! As a result, throughout your application process, you may be asked to connect with us virtually, and may not be required to meet in-person. All interviews are conducted in English, our working language, unless otherwise stated.
Internal Employees: Internal Employees interested in this opportunity must be in "good standing," which includes meeting expectations on their last performance review. Performance improvement plans, disciplinary action, attendance, mandatory training, and other performance related items will also be taken into consideration when determining the applicant's "good standing" status.
Eligibility to Work in Canada: As applicable, candidates must have acquired all required work permits/visas and other authorizations and otherwise be eligible to work in Canada at the time any offer of employment is made by AL. It is the sole responsibility of the candidate to obtain all required work permits/visas and other authorizations.
ResponsibilitiesRequirements Gathering: Collaborate with key business stakeholders, including IT, Vendor Management, Purchasing, Risk Management, and Marketing teams, to understand business needs and translate them into technical and functional requirements for NIST-CSF implementation.
Process Mapping & Documentation: Map out business and technical processes, document workflows, and create detailed reports to facilitate decision-making and future process improvements.
Stakeholder Collaboration: Coordinate with cybersecurity teams, third-party vendors, and other business teams to ensure smooth implementation of NIST-CSF controls and processes across the organization.
Training & Communication: Assist in developing training materials and communication plans to ensure stakeholders are aware of cybersecurity policies, procedures, and best practices.
Reporting & Metrics: Develop and maintain key performance indicators (KPIs) and metrics to track the progress and effectiveness of NIST-CSF implementation across the organization.
NIST-CSF Assessment: Assist in assessing the organization's cybersecurity posture and identify gaps in compliance with NIST-CSF v2 (Govern, Identify, Protect, Detect, Respond, Recover). Analyze existing processes, controls, and systems.
Continuous Improvement: Contribute to the ongoing evaluation and improvement of cybersecurity policies, procedures, and controls based on NIST-CSF and evolving industry standards.
We are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodations), please let us know and we will work with you to meet your needs.
We thank all applicants for their interest, however, only those selected for an interview will be contacted. Please note that the successful candidate will be subject to reference and criminal/educational background checks prior to employment.
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resume