Cybersecurity Risk Reporting Analyst - Strategy & Design

Remote role Full-time Open position

job summary:

Role Summary

The Cybersecurity Risk Reporting Analyst is a senior-level individual contributor responsible for the end-to-end lifecycle of security metrics. This role encompasses both the strategic design of a security metric taxonomy and the operational execution of recurring reporting cycles. You will partner with cyber domain leaders (IAM, SOC, Cloud Security, etc.) to translate technical security outcomes into business-relevant language for executive leadership and risk committees.

Success Criteria (First 12 Months)

  • Published Security Metrics Library with approved enterprise KRIs and KPIs.
  • On-time delivery of all metric refreshes and reporting cycles.
  • Significant reduction in manual reporting through the implementation of automated feeds.
  • Improved stakeholder trust in reporting outputs through documented BAU procedures.

location: Telecommute
job type: Contract
salary: $80 - 83 per hour
work hours: 8am to 5pm
education: Bachelors

responsibilities:

Key Responsibilities

1. Metrics Strategy & Design

  • Lead the design and evolution of the enterprise security metric taxonomy, including KRIs, KPIs, and operational measures.
  • Build and maintain a security metrics library detailing definitions, formulas, risk mapping, and escalation logic.
  • Ensure all metrics align with the enterprise risk appetite, security strategy, and regulatory expectations.
  • Facilitate workshops with security leaders to drive alignment on performance expectations and ownership.

2. Execution & Operational Maintenance

  • Execute recurring weekly, monthly, and quarterly security metric refresh processes to ensure on-time delivery.
  • Maintain reporting calendars and coordinate with metric owners to ensure timely data inputs.
  • Track and document metric completion, dependencies, and exceptions.
  • Serve as the primary point of contact for stakeholders regarding metric clarification and audit support.

3. Reporting & Dashboarding

  • Maintain and validate dashboards in Power BI, Tableau, or Qlik, ensuring visual consistency and accurate annotations.
  • Produce monthly security scorecards, operational reviews, and executive reporting packages.
  • Provide deep-dive analysis beyond the numbers, identifying trend drivers, root causes, and leading indicators.

4. Data Quality & Governance

  • Perform rigorous quality checks to validate data integrity, including variance analysis and logic validation.
  • Coordinate with data owners to resolve data quality issues and refresh defects.
  • Partner with engineering teams to automate metric feeds and reduce manual reporting efforts.
  • Enforce metric governance to reduce "metric sprawl" and maintain documentation for systems-of-record.

qualifications:

Required Experience & Hard Skills

  • Experience: 8+ years in cybersecurity metrics, risk reporting, GRC, or business intelligence supporting InfoSec. (Minimum 5 years for operational focus).
  • Technical Proficiency: Advanced Excel skills (formula checks, variance analysis). Proficiency in at least one BI tool (Power BI, Tableau, or Qlik). Expert-level PowerPoint skills for executive storytelling.
  • Domain Knowledge: Strong understanding of security domains such as SOC/IR, Vulnerability Management, IAM/PAM, Cloud Security, and AppSec.
  • Industry Experience: Prior banking or financial institution experience is a significant asset.

Soft Skills & Competencies

  • Communication: Ability to translate technical security data into business-relevant narratives for executives.
  • Precision: A data-quality mindset with high attention to detail for detecting anomalies.
  • Organization: Comfort managing recurring deadlines and structured refresh cycles.
  • Facilitation: Strong workshop leadership skills to align multiple stakeholders on metric definitions.

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact [email protected].

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
