Skills

Communication Leadership Tableau Data Engineering Incident Response Cloud Security Splunk ServiceNow Decision-making Trend Analysis Facilitation Risk Reporting power bi SDLC

Job Specifications

Information Security Analyst (Senior Security Metrics & KRI Design Analyst)Alternate Job Titles:
Senior Cybersecurity Metrics Analyst
Cyber Risk Reporting & KRI Governance Lead
Security KPI/KRI Program Analyst
Information Security Business Intelligence Analyst
Cyber Risk Performance Measurement Consultant
Location & Work ModelMount Laurel, NJ
Hybrid (if located near a hub) or Remote (if not near a hub)Contract DetailsPosition Type: Contract
Contract Duration: 8 Months
Start: As Soon As Possible
Schedule: Monday-Friday, Core Business Hours (40 hours/week)
Overtime: No
Travel: NoExtension and conversion possible based on business needs and performance.About the OpportunityWe are hiring a Senior Security Metrics & KRI Design Analyst to support a strategic project within Global Security & Defense. This role focuses on uplifting the enterprise security reporting and governance framework across GRC and cybersecurity domains.You will join a 10-person collaborative team and partner closely with cyber domain leaders and executive stakeholders. This position offers high visibility with leadership and the opportunity to build long-term impact within a Top 10 North American bank.Role OverviewThe Senior Security Metrics & KRI Design Analyst is responsible for defining, governing, and driving adoption of enterprise security performance metrics, including Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and operational security metrics.You will collaborate with IAM, SOC, Vulnerability Management, Cloud Security, AppSec, GRC, and Third-Party Risk teams to translate risk appetite and strategy into measurable, automated, and trusted outcomes.Ownership includes the full lifecycle:Strategy → Design → Stakeholder Alignment → Implementation → Data Quality → Reporting → Continuous ImprovementApproximately 25% of time will be spent in stakeholder meetings with internal partners.Key ResponsibilitiesMetrics Strategy, Design & Standardization
Lead design and evolution of enterprise security metric taxonomy
Develop and maintain a centralized Security Metrics Library
Define metric formulas, thresholds, tiering, and escalation logic
Align metrics with enterprise risk appetite, OKRs, and regulatory expectations
Stakeholder Engagement & Socialization
Facilitate workshops with security and technology leaders
Align on definitions, thresholds, ownership, and action plans
Translate technical security outcomes into executive-level insights
Partner with ERM, Audit, Compliance, and Technology teams to drive adoption
Implementation & Automation
Implement metrics within BI and reporting platforms (Power BI, Tableau, Qlik)
Partner with data engineering to automate reporting feeds
Define source-to-metric data mapping and validation standards
Establish repeatable operational procedures and governance checkpoints
Executive Reporting & Insights
Develop executive dashboards and reporting packages
Deliver trend analysis, root cause insights, and leading vs lagging indicators
Prepare presentation materials and narrative summaries
Ensure metrics influence decision-making, not just reporting
Data Quality & Governance
Implement controls for accuracy, completeness, and traceability
Conduct quarterly metric definition reviews
Reduce manual reporting and enforce governance standards
Required QualificationsRequired Experience
8+ years in cybersecurity metrics, cyber risk reporting, GRC, cyber operations, or InfoSec business intelligence
Strong understanding of:
SOC / Incident Response
Vulnerability Management
IAM / PAM
Cloud Security
AppSec / SDLC Security
Third-Party Risk
Advanced Excel skills
Strong PowerPoint and executive storytelling ability
Experience with at least one BI tool (Power BI, Tableau, or Qlik)
Soft Skills
Excellent written and verbal communication
Comfortable presenting to executive audiences
Strong facilitation and workshop leadership
Proactive, ownership-driven mindset
Preferred Qualifications
Experience with NIST CSF, NIST 800-53, ISO 27001, CIS Controls
Experience with tools such as Splunk, Sentinel, CrowdStrike, Qualys/Tenable, ServiceNow (IRM/GRC/SecOps), or Archer
Certifications such as CISSP, CISM, CRISC, Security+, or ITIL Foundation
Experience building KPI/KRI governance programs
Prior banking or financial institution experience
EducationPost-secondary education is a plus; relevant professional experience is prioritized.Performance MeasurementPerformance will be measured by meeting defined deliverables, adherence to timelines, and successful stakeholder adoption of reporting frameworks.BenefitsMedical, Vision, and Dental Insurance Plans
401k Retirement FundAbout The CompanyTop 10 bank in Canada and North America offering comprehensive financial solutions. Providing retail, commercial, wealth management, and wholesale banking services, we help clients thrive in today's evolving market.About GTTGTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-ow

About the Company

Global Technical Talent (GTT), a subsidiary of Chenega Corporation (www.Chenega.com) with over $1.3 billion in revenue and 5,800 US employees, is a leading provider of Total Talent Solutions. With a strong presence in the US, Canada, and India, GTT delivers Global Staffing, SOW (Statement of Work) solutions, RPO (Recruitment Process Outsourcing), Direct Sourcing, and Global Payroll services. Headquartered in Portsmouth, New Hampshire, and founded in 1999, GTT has over 22 years of experience in the staffing industry. The comp... Know more