job summary:
Cyber Risk Metrics & KRI Design Lead
Role Summary
The Cyber Risk Metrics & KRI Design Lead is a senior-level individual contributor responsible for defining, governing, and driving the adoption of enterprise security performance metrics. This role is accountable for the full lifecycle delivery: from strategy and design to stakeholder alignment, implementation, and continuous improvement. You will partner with cyber domain leaders (IAM, SOC, Cloud Security, etc.) to translate technical security outcomes into business-relevant language for executive leadership and risk committees.
Key Responsibilities
1. Metrics Strategy & Design
Lead the design and ongoing evolution of the enterprise security metric taxonomy, ensuring consistent definitions for KRIs and KPIs.
Build and maintain a security metrics library detailing definitions, formulas, risk mapping, and escalation logic.
Ensure all metrics align with the enterprise risk appetite, security strategy, and regulatory expectations.
Facilitate working sessions and workshops with security leaders to drive alignment on performance expectations and ownership.
2. Execution & Operational Maintenance
Define and build repeatable metric operational procedures, including refresh cycles, validations, and approvals.
Maintain metric reporting calendars and ensure metric owners provide inputs within defined timelines.
Track metric completion, dependencies, and exceptions.
Serve as a reliable point of contact for stakeholders seeking metric clarification or audit support.
3. Reporting & Dashboarding
Maintain and validate dashboards in Power BI, Tableau, or Qlik, ensuring visual consistency and accurate annotations.
Produce recurring executive and operational reporting packages, including monthly security scorecards and risk reports.
Provide deep-dive analysis beyond the numbers, identifying trend drivers, root causes, and leading indicators.
4. Data Quality & Governance
Perform rigorous quality checks to validate data integrity, including variance analysis and logic validation.
Establish controls and QA checkpoints to ensure metrics are accurate, consistent, and traceable to systems-of-record.
Partner with engineering teams to automate metric feeds and reduce manual reporting efforts.
Enforce metric governance to reduce "metric sprawl" and maintain documentation.
Candidate Profile
Required Experience & Hard Skills
Experience: 8+ years in cybersecurity metrics, risk reporting, GRC, or business intelligence supporting InfoSec (minimum 5 years for an operational focus).
Technical Proficiency:
Advanced Excel skills (formula checks, variance analysis).
Proficiency in at least one BI tool (Power BI, Tableau, or Qlik).
Expert-level PowerPoint skills for executive storytelling.
Domain Knowledge: Strong understanding of security domains such as SOC/IR, Vulnerability Management, IAM/PAM, Cloud Security, and AppSec.
Industry Experience: Prior banking or financial institution experience is a significant asset.
Soft Skills & Competencies
Communication: Ability to translate technical security data into business-relevant narratives for executives.
Precision: A data-quality mindset with high attention to detail for detecting anomalies.
Organization: Comfort managing recurring deadlines and structured refresh cycles.
Facilitation: Strong workshop leadership skills to align multiple stakeholders on metric definitions.
Success Criteria (First 12 Months)
Established and published Security Metrics Library with approved enterprise KRIs and KPIs.
On-time delivery of all metric refreshes and reporting cycles.
Significant reduction in manual reporting through the implementation of automated feeds.
Improved stakeholder trust in reporting outputs through documented BAU procedures.
location: Telecommute
job type: Contract
salary: $80 - $83 per hour
work hours: 8am to 5pm
education: Bachelors
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.