What are the responsibilities and job description for the Information Security Analyst position at Global Technical Talent, an Inc. 5000 Company?
Information Security Analyst (Senior Security Metrics & KRI Design Analyst)Alternate Job Titles:
- Senior Cybersecurity Metrics Analyst
- Cyber Risk Reporting & KRI Governance Lead
- Security KPI/KRI Program Analyst
- Information Security Business Intelligence Analyst
- Cyber Risk Performance Measurement Consultant
Hybrid (if located near a hub) or Remote (if not near a hub)Contract DetailsPosition Type: Contract
Contract Duration: 8 Months
Start: As Soon As Possible
Schedule: Monday-Friday, Core Business Hours (40 hours/week)
Overtime: No
Travel: NoExtension and conversion possible based on business needs and performance.About the OpportunityWe are hiring a Senior Security Metrics & KRI Design Analyst to support a strategic project within Global Security & Defense. This role focuses on uplifting the enterprise security reporting and governance framework across GRC and cybersecurity domains.You will join a 10-person collaborative team and partner closely with cyber domain leaders and executive stakeholders. This position offers high visibility with leadership and the opportunity to build long-term impact within a Top 10 North American bank.Role OverviewThe Senior Security Metrics & KRI Design Analyst is responsible for defining, governing, and driving adoption of enterprise security performance metrics, including Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and operational security metrics.You will collaborate with IAM, SOC, Vulnerability Management, Cloud Security, AppSec, GRC, and Third-Party Risk teams to translate risk appetite and strategy into measurable, automated, and trusted outcomes.Ownership includes the full lifecycle:Strategy → Design → Stakeholder Alignment → Implementation → Data Quality → Reporting → Continuous ImprovementApproximately 25% of time will be spent in stakeholder meetings with internal partners.Key ResponsibilitiesMetrics Strategy, Design & Standardization
- Lead design and evolution of enterprise security metric taxonomy
- Develop and maintain a centralized Security Metrics Library
- Define metric formulas, thresholds, tiering, and escalation logic
- Align metrics with enterprise risk appetite, OKRs, and regulatory expectations
- Facilitate workshops with security and technology leaders
- Align on definitions, thresholds, ownership, and action plans
- Translate technical security outcomes into executive-level insights
- Partner with ERM, Audit, Compliance, and Technology teams to drive adoption
- Implement metrics within BI and reporting platforms (Power BI, Tableau, Qlik)
- Partner with data engineering to automate reporting feeds
- Define source-to-metric data mapping and validation standards
- Establish repeatable operational procedures and governance checkpoints
- Develop executive dashboards and reporting packages
- Deliver trend analysis, root cause insights, and leading vs lagging indicators
- Prepare presentation materials and narrative summaries
- Ensure metrics influence decision-making, not just reporting
- Implement controls for accuracy, completeness, and traceability
- Conduct quarterly metric definition reviews
- Reduce manual reporting and enforce governance standards
- 8 years in cybersecurity metrics, cyber risk reporting, GRC, cyber operations, or InfoSec business intelligence
- Strong understanding of:
- SOC / Incident Response
- Vulnerability Management
- IAM / PAM
- Cloud Security
- AppSec / SDLC Security
- Third-Party Risk
- Advanced Excel skills
- Strong PowerPoint and executive storytelling ability
- Experience with at least one BI tool (Power BI, Tableau, or Qlik)
- Excellent written and verbal communication
- Comfortable presenting to executive audiences
- Strong facilitation and workshop leadership
- Proactive, ownership-driven mindset
- Experience with NIST CSF, NIST 800-53, ISO 27001, CIS Controls
- Experience with tools such as Splunk, Sentinel, CrowdStrike, Qualys/Tenable, ServiceNow (IRM/GRC/SecOps), or Archer
- Certifications such as CISSP, CISM, CRISC, Security , or ITIL Foundation
- Experience building KPI/KRI governance programs
- Prior banking or financial institution experience
401k Retirement FundAbout The CompanyTop 10 bank in Canada and North America offering comprehensive financial solutions. Providing retail, commercial, wealth management, and wholesale banking services, we help clients thrive in today's evolving market.About GTTGTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. As a Native American-owned, economically disadvantaged corporation, we highly value diverse and inclusive workplaces. Our clients are Fortune 500 banking, insurance, financial services, and technology companies, along with some of the nation’s largest life sciences, biotech, utility, and retail companies across the US and Canada. We look forward to helping you land your next great career opportunity!Job Number: 26-01537 #gttjobs
Salary : $80 - $95