À propos
Location: Remote
Duration: 8 months
Core Purpose This role converts risk metrics into executive-ready reporting and presents risk posture to committees and senior leadership. This role is very stakeholder-facing and presentation-heavy. This is best described as risk reporting, risk storytelling, and stakeholder alignment rather than data engineering.
Day-to-Day Focus
Take metric outputs from reporting factory and convert into reports and presentations Create PowerPoint and Power BI based reporting packages Present in risk committees across multiple business lines Provide qualitative context to quantitative metrics Drive review cycles with domain owners and executives Manage monthly and quarterly reporting timelines These roles act as translators between technical metric outputs and business or regulatory interpretation.
Required Background
5+ years in reporting, analytics, cyber risk support, or similar functions Strong executive communication ability Strong stakeholder management and negotiation skills High attention to detail due to regulatory reporting exposure Ability to translate technical risk into business language
Technical Expectations
Strong Excel and PowerPoint Ability to use BI tools (Power BI or Tableau) to extract and interpret data Candidates are not expected to build dashboards or write queries regularly If data is questioned, candidates must be able to coordinate with data teams and validate outputs.
? Nice to Have
Cyber risk domain exposure Security tooling familiarity such as ServiceNow, Archer, Splunk, Sentinel Security framework familiarity
Reporting Process Reality (Important for Candidate Expectation Setting)
Metrics are produced monthly by a centralized reporting factory. Reporting analysts review metrics, validate with domain owners, incorporate feedback, and present to leadership. There are multiple feedback loops each month involving domain leaders, CISOs, and other executives. Some outputs are used in regulatory reporting. Accuracy and documentation quality are critical. Every word and metric interpretation can matter from a regulatory standpoint. There are also quarterly processes tied to enterprise Risk Appetite Statement (RAS) metrics managed by second line risk teams.
Operating Environment
The team operates within a three lines of defense banking risk model. First line is technology and cyber teams managing risk Second line is enterprise risk defining enterprise risk appetite and oversight These roles sit primarily supporting first line but must coordinate closely with second line risk Strong cross-functional collaboration is required.
Location and Work Model
Preferred Locations US: Mount Laurel, New Jersey A remote position is possible for very strong candidates. Hybrid or local candidates are preferred due to collaboration and potential future conversion. Remote candidates may face challenges converting to full-time later if conversion becomes available.
Timeline
Interview Process: Likely panel format Possibly 1-2 rounds total Experience-based questions No coding tests Camera required
Ideal Candidate Profile Themes
Strong cyber risk and business communication hybrid Comfortable working between technical teams and executives Understands regulatory impact and risk frameworks Strong ownership mindset Able to manage deadlines and drive stakeholder accountability
Role Summary
The Security Metrics & Reporting Analyst is responsible for the ongoing execution and maintenance of cybersecurity metrics, including KRIs, KPIs, and operational security performance measures. This role supports consistent reporting across security domains by ensuring metrics are refreshed on schedule, validated for data quality, and delivered through dashboards and reporting packages for leadership and key stakeholders.
This role focuses on business-as-usual (BAU) metrics operations, including data hygiene, dashboard maintenance, reporting production, and metric issue resolution-partnering closely with security domain teams, data owners, and analytics stakeholders.
Key Responsibilities
Metrics Execution & Refresh Cycles
Execute recurring security metric refresh processes (weekly, monthly, quarterly), ensuring deliverables are completed on schedule. Maintain metric reporting calendars and confirm metric owners provide inputs within defined timelines. Track metric completion, dependencies, and exceptions.
Reporting & Dashboard Maintenance
Maintain dashboards and reporting outputs (e.g., Power BI/Tableau), including: scheduled refresh validation visual checks and formatting consistency metric drill-down updates and annotations
Produce recurring executive and operational reporting packages (monthly security scorecards, ops reviews, risk reports).
Data Quality & Validation
Perform quality checks to validate data completeness and integrity, including: variance analysis (e.g., large month-over-month changes) missing / delayed data flags logic validation (formula checks, filters)
Document data quality issues and coordinate with data owners to resolve. Maintain metric definitions, calculation references, and source system documentation.
Metric Intake & Change Support
Support change requests for metrics such as: definition updates threshold / limit changes dashboard enhancements
Track requests and ensure changes are reviewed/approved by the metric governance group, ORM challenge
Operational Support & Stakeholder Coordination
Serve as a reliable point of contact for stakeholders seeking metric clarification or reporting support. Support preparation of talking points and narratives (what changed, why it changed, what action is needed). Assist in audit support requests by gathering metric artifacts and evidence of metric controls.
Key Skills & Competencies
Strong organization and follow-through Structured thinker, process-oriented Data quality mindset and precision Professional communication and "clean" documentation Continuous improvement orientation
Success Criteria (first 6-12 months)
On-time delivery of all metric refreshes and reporting cycles Reduced data quality issues and faster resolution of reporting defects Improved stakeholder satisfaction and trust in reporting outputs Documented and repeatable BAU reporting procedures
Must-Have Hard Skills:
1.) 5+ years' experience in reporting, analytics, operations, cybersecurity support, IT risk, or compliance functions.
2.) Proficiency with:
-Excel (intermediate-advanced)
-PowerPoint (clear reporting packages)
-At least one dashboarding tool (Power BI / Tableau / Qlik preferred)
SOFT SKILLS:
1.) Strong ability to communicate with technical and non-technical stakeholders
2.) Comfort working with recurring deliverables and managing deadlines
3.) Strong attention to detail; demonstrated ability to detect anomalies and errors in reporting
Nice-To-Have
1.) Familiarity with one or more cybersecurity domains.
-SOC / incident response metrics
-vulnerability metrics
-IAM metrics (joiner/mover/leaver, access recertification, PAM coverage)
-security awareness / phishing metrics
2.) Experience with security tooling data sources:
-ServiceNow, Archer
-Splunk / Sentinel
-Tenable / Qualys
3.) Knowledge of common security frameworks (NIST CSF, ISO 27001)
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre provient d’une plateforme partenaire de TieTalent. Cliquez sur « Postuler maintenant » pour soumettre votre candidature directement sur leur site.