- Company Name
- VySystems Singapore
- Job Title
- Akamai Business System Analyst+ CASA
- Job Description
-
**Job title:** Business System Analyst – API Security and Governance (CASA)
**Role Summary:**
Serve as the primary liaison between cybersecurity, development, architecture, and business teams to establish, maintain, and continuously improve API security and governance capabilities. Translate regulatory and business needs into actionable API security requirements, ensure compliance with enterprise standards, and drive adoption of best practices across the API lifecycle.
**Expectations:**
- Hold or be certified as a Certified API Security Analyst (CASA) – optional but advantageous.
- Strong knowledge of API security protocols (OAuth 2.0, OpenID Connect, JWT, mTLS) and regulatory frameworks (PCI DSS, GDPR, Open Banking).
- Proven experience leading API governance initiatives, vulnerability assessments, and penetration testing remediation.
- Excellent communication skills for facilitating workshops, training, and cross‑functional collaboration.
- Ability to produce clear documentation, traceability matrices, and compliance reports.
**Key Responsibilities:**
1. Gather, document, and translate business, risk, and regulatory requirements into API security and governance specifications.
2. Assess current and target‑state API lifecycle processes; recommend enhancements to strengthen security posture.
3. Define, validate, and enforce controls for authentication, authorization, encryption, rate limiting, and threat detection on APIs.
4. Align all security practices with corporate InfoSec standards and industry best practices.
5. Conduct and support vulnerability assessments, penetration tests, and remediation of API security findings.
6. Design, implement, and manage governance processes covering API design, onboarding, publishing, versioning, monitoring, and decommissioning.
7. Ensure compliance with company API governance framework and external regulatory obligations; prepare audit‑ready documentation.
8. Maintain accurate metadata and end‑to‑end traceability across the API catalog.
9. Act as a liaison among cybersecurity, development, architecture, risk, and business stakeholders.
10. Lead workshops, training sessions, and adoption initiatives for API security best practices.
11. Oversee requirement traceability from development through testing to deployment.
12. Manage integration of APIs with monitoring and logging platforms (e.g., Akamai, Splunk, Apigee, MuleSoft).
13. Generate governance scorecards, compliance reports, and metrics for leadership and audit teams.
14. Identify, assess, and manage risks, dependencies, and change requests throughout the API lifecycle.
**Required Skills:**
- API security architecture and best practices
- OAuth 2.0, OpenID Connect, JWT, mTLS, encryption, rate limiting, threat detection
- Regulatory compliance (PCI DSS, GDPR, Open Banking)
- Vulnerability assessment, penetration testing, remediation
- API lifecycle management and governance frameworks
- Documentation, traceability, metadata management
- Strong stakeholder communication and workshop facilitation
- Experience with API monitoring/logging platforms (Akamai, Splunk, Apigee, MuleSoft)
- Project management and risk assessment
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent experience.
- Certified API Security Analyst (CASA) preferred; other API or security certifications (e.g., CISSP, CISA, CISM, OCP) are advantageous.