Information Security Analyst

Information Security Analyst (Senior Security Metrics & KRI Design Analyst) Alternate Job Titles: Senior Cybersecurity Metrics Analyst Cyber Risk Reporting & KRI Governance Lead Security KPI/KRI Program Analyst Information Security Business Intelligence Analyst Cyber Risk Performance Measurement Consultant Location & Work Model Mount Laurel, NJ Hybrid (if located near a hub) or Remote (if not near a hub) Contract Details Position Type: Contract Contract Duration: 8 Months Start: As Soon As Possible Schedule: Monday–Friday, Core Business Hours (40 hours/week) Overtime: No Travel: No Extension and conversion possible based on business needs and performance. About the Opportunity We are hiring a Senior Security Metrics & KRI Design Analyst to support a strategic project within Global Security & Defence. This role focuses on uplifting the enterprise security reporting and governance framework across GRC and cybersecurity domains. You will join a 10-person collaborative team and partner closely with cyber domain leaders and executive stakeholders. This position offers high visibility with leadership and the opportunity to build long-term impact within a Top 10 North American bank. Role Overview The Senior Security Metrics & KRI Design Analyst is responsible for defining, governing, and driving adoption of enterprise security performance metrics, including Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and operational security metrics. You will collaborate with IAM, SOC, Vulnerability Management, Cloud Security, AppSec, GRC, and Third-Party Risk teams to translate risk appetite and strategy into measurable, automated, and trusted outcomes. Ownership includes the full lifecycle: Strategy → Design → Stakeholder Alignment → Implementation → Data Quality → Reporting → Continuous Improvement Approximately 25% of time will be spent in stakeholder meetings with internal partners. Key Responsibilities Metrics Strategy, Design & Standardization Lead design and evolution of enterprise security metric taxonomy Develop and maintain a centralized Security Metrics Library Define metric formulas, thresholds, tiering, and escalation logic Align metrics with enterprise risk appetite, OKRs, and regulatory expectations Stakeholder Engagement & Socialization Facilitate workshops with security and technology leaders Align on definitions, thresholds, ownership, and action plans Translate technical security outcomes into executive-level insights Partner with ERM, Audit, Compliance, and Technology teams to drive adoption Implementation & Automation Implement metrics within BI and reporting platforms (Power BI, Tableau, Qlik) Partner with data engineering to automate reporting feeds Define source-to-metric data mapping and validation standards Establish repeatable operational procedures and governance checkpoints Executive Reporting & Insights Develop executive dashboards and reporting packages Deliver trend analysis, root cause insights, and leading vs lagging indicators Prepare presentation materials and narrative summaries Ensure metrics influence decision-making, not just reporting Data Quality & Governance Implement controls for accuracy, completeness, and traceability Conduct quarterly metric definition reviews Reduce manual reporting and enforce governance standards Required Qualifications Required Experience 8+ years in cybersecurity metrics, cyber risk reporting, GRC, cyber operations, or InfoSec business intelligence Strong understanding of: SOC / Incident Response Vulnerability Management IAM / PAM Cloud Security AppSec / SDLC Security Third-Party Risk Advanced Excel skills Strong PowerPoint and executive storytelling ability Experience with at least one BI tool (Power BI, Tableau, or Qlik) Soft Skills Excellent written and verbal communication Comfortable presenting to executive audiences Strong facilitation and workshop leadership Proactive, ownership-driven mindset Preferred Qualifications Experience with NIST CSF, NIST 800-53, ISO 27001, CIS Controls Experience with tools such as Splunk, Sentinel, CrowdStrike, Qualys/Tenable, ServiceNow (IRM/GRC/SecOps), or Archer Certifications such as CISSP, CISM, CRISC, Security+, or ITIL Foundation Experience building KPI/KRI governance programs Prior banking or financial institution experience Education Post-secondary education is a plus; relevant professional experience is prioritized. Performance Measurement Performance will be measured by meeting defined deliverables, adherence to timelines, and successful stakeholder adoption of reporting frameworks. Benefits Medical, Vision, and Dental Insurance Plans 401k Retirement Fund About The Company Top 10 bank in Canada and North America offering comprehensive financial solutions. Providing retail, commercial, wealth management, and wholesale banking services, we help clients thrive in today's evolving market. About GTT GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. As a Native American-owned, economically disadvantaged corporation, we highly value diverse and inclusive workplaces. Our clients are Fortune 500 banking, insurance, financial services, and technology companies, along with some of the nation’s largest life sciences, biotech, utility, and retail companies across the US and Canada. We look forward to helping you land your next great career opportunity! Job Number: 26-01537 #LI-GTT #LI-Hybrid #gttjobs