Job
Description
Responsibilities : Develop and Manage Security Metrics & Reporting Framework: Define, track, and analyze key performance indicators (KPIs) and key risk indicators (KRIs) aligned with organizational security goals, regulatory requirements, and industry best practices (e.g., NIST , ISO 27001). Continuously refine metrics and KRIs to provide actionable insights into the effectiveness of the security program and the organization's risk posture. Provide Data-Driven Insights to Leadership: Collect, analyze, and interpret security data from various sources, including SIEM systems (e.g., Splunk), security tools, and incident reports. Deliver regular (monthly/quarterly) and ad-hoc reports, dashboards, and presentations to the CISO and executive leadership, clearly communicating complex security concepts and data in a concise and impactful manner. Support Risk Management & Decision-Making: Develop, maintain, and report on risk management metrics, including risk assessments, risk exposure, and residual risk. Monitor risk appetite and tolerance levels to ensure alignment with organizational objectives and regulatory requirements. Collaborate Across Teams & Drive Continuous Improvement: Work closely with IT, compliance, risk management, and business units to gather data, foster alignment on security initiatives, and drive consensus on metrics and reporting requirements. Proactively identify opportunities for process improvements to enhance the efficiency and effectiveness of the security reporting function. Stay abreast of industry trends, emerging technologies, and best practices in cybersecurity metrics and reporting. Must Have : Education: Bachelor's degree in Computer Science, Information Systems, Cyber Security, or a related field. Master's degree is a plus. Experience: Minimum of 5 years of experience in a similar role, with a focus on metrics and reporting in the field of cyber security . Experience working in an executive-level capacity is highly desirable. Technical Skills: Proficiency in data analysis and visualization tools (e.g., Excel, Tableau, Power BI). Strong understanding of cyber security metrics, frameworks, and industry standards (e.g., NIST, ISO 27001). Familiarity with security information and event management (SIEM) systems is a plus .Proficiency in SQL for querying databases. Experience with Snowflake for cloud-based data warehousing, including data modeling, querying, and performance optimization. Good to have experience with ETL (Extract, Transform, Load) processes and python scripting . Analytical Mindset: Demonstrated ability to analyze complex data sets, identify trends, and provide actionable insights. Strong problem-solving skills and the ability to think strategically. Communication Skills: Excellent written and verbal communication skills, with the ability to present technical information to non-technical stakeholders in a clear and concise manner. Strong attention to detail and the ability to tailor messaging to different audiences. Leadership and Collaboration: Proven experience working in cross-functional teams and managing relationships with stakeholders at all levels. Ability to influence and drive consensus on metrics and reporting requirements. Certifications: Relevant certifications such as CISSP, CISM, or CRISC are highly desirable. Adaptability: You should be able to adapt quickly to changing security threats and technologies. Teamwork: The successful individual should be able to work effectively with their team and other departments to achieve the company's security goals. Show more Show less
