About First Derivative
First Derivative, an EPAM Company, is driven by people, data, and technology, unlocking the value of insight, hindsight, and foresight to drive organizations forward. Counting many of the world’s leading investment banks as clients, we help our clients navigate the data-driven, digital revolution that is transforming the financial services sector. Our global teams span across 15 offices serving clients across EMEA, North America and APAC.
As an EPAM Systems, Inc. (NYSE: EPAM) company, a leading global provider of digital platform engineering and development services, we deliver advanced financial services solutions by empowering operational insights, driving innovation, and enabling more effective risk management in an increasingly data-centric world. EPAM Systems, Inc. (NYSE: EPAM) is recognised as a leader in software product development by independent research agencies. Headquartered in the United States, EPAM employs IT professionals and serves clients worldwide utilizing its award-winning Central and Eastern European global delivery platform and its locations in 19 countries across 4 continents. In 2013, EPAM was ranked by Forbes as #6 among America’s 25 Fastest-Growing Tech Companies and #2 on the list of America’s Best Small Companies: 20 Fast-Growing Tech Stars
Together with EPAM, we combine deep industry expertise with cutting-edge technology to help clients stay ahead in a rapidly evolving financial landscape, offering comprehensive solutions that drive business transformation and sustainable growth.
We are hiring a Cyber Security Business Analyst to join our team in London on a full-time basis. The initial project you will be working on requires office attendance 5 days per week.

Key Responsibilities:

• Collaborate directly with the stakeholder to define and document business requirements.
• Produce high-quality documentation including:
• Business Requirements Documents (BRDs)
• Functional and Non-Functional Specifications
• Contribute meaningfully to the design of solutions rather than just facilitating workshops.
• Ask relevant, insightful questions about cybersecurity frameworks, processes, and tools.
• Support early scoping and requirement gathering across:
• Vulnerability management programs
• Policy compliance and audit-readiness
• Integration with existing systems

Desired Background:

• Strong IT background, ideally with exposure to:

Infrastructure
Networks

Security domains

• Not just a process BA – must bring technical acumen and domain knowledge.
• Able to bridge business and technical teams effectively.

Preferred Tool Experience:

• Qualys (or similar vulnerability management tools)
• ServiceNow (familiarity with how it’s used in security or compliance operations)

Soft Skills:

• Able to drive conversations, not just take notes.
• Proactive in understanding business context.
• Comfortable working in a fast-paced and evolving regulatory/tech environment

Candidate personal data will be processed in line with our Global Candidate Privacy Notic

• Collaborate directly with the stakeholder to define and document business requirements.
• Produce high-quality documentation including:
• Business Requirements Documents (BRDs)
• Functional and Non-Functional Specifications
• Contribute meaningfully to the design of solutions rather than just facilitating workshops.
• Ask relevant, insightful questions about cybersecurity frameworks, processes, and tools.
• Support early scoping and requirement gathering across:
• Vulnerability management programs
• Policy compliance and audit-readiness
• Integration with existing system