CISO Business Analyst

The ideal candidate will bring experience in cybersecurity, regulatory compliance, and data-driven analysis, and will play a key role in improving current processes while helping design new and efficient ways of working across the Information Security function

Location: Karachi, Lahore, Islamabad, Multan, Faislabad.

Responsibilities:

• Gather and document business, technical, and regulatory requirements for cybersecurity initiatives.
• Translate complex cybersecurity and technical concepts into clear business requirements and process improvements.
• Document, analyse, and improve ServiceNow workflows for Information Security requests, including identifying automation opportunities.
• Support the documentation and enhancement of the Information Security Risk Assessment process.
• Work with the CISO Governance Manager to map legal, regulatory, and compliance requirements relevant to the security function.
• Review and map existing security policies and standards, identifying potential gaps.
• Develop dashboards, reports, and KPIs to support decision-making and track cybersecurity performance.
• Engage with stakeholders across Information Security, IT, business units, and vendors to gather requirements and validate solutions.
• Facilitate workshops, interviews, and process walkthroughs to ensure alignment and clarity.

Requirements:

• 3–6 years of experience in Business Analysis, preferably within Cybersecurity, IT Security, or Risk & Compliance environments.
• Strong experience in requirements gathering, process mapping, and stakeholder management.
• Familiarity with cybersecurity frameworks, governance, risk, and compliance (GRC) concepts.
• Experience working with ServiceNow workflows or similar ITSM platforms is preferred.
• Strong analytical, documentation, and reporting skills, including experience with dashboards and KPIs.
• Ability to translate technical security concepts into clear business language.
• Excellent communication and stakeholder engagement skills.