Info Security Analyst
Job in
Raleigh, Wake County, North Carolina, 27601, USA
Listed on 2026-02-16
Listing for:
Spectraforce Technologies
Full Time
position Listed on 2026-02-16
Job specializations:
-
IT/Tech
Cybersecurity, Data Security, IT Consultant, Information Security
Job Description & How to Apply Below
Info Security Analyst
Location:
100% Remote
Duration: 8 Months
Job DescriptionThe Senior Security Metrics and KRI Design Analyst is responsible for defining, governing, and driving adoption of enterprise security performance metrics, including Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and operational security metrics. This role partners with cyber domain leaders (IAM, SOC, Vulnerability Management, GRC, Cloud Security, App Sec, Third Party Risk, etc.) to translate security strategy and risk appetite into measurable outcomes, and to ensure metrics are implemented, trusted, automated, and consumed by operational teams and executives.
This role is accountable for full lifecycle delivery: strategy → design → stakeholder alignment → implementation → data quality → reporting → continuous improvement.
Key Responsibilities- Lead design and ongoing evolution of security metric taxonomy, ensuring consistent definitions for KRIs, KPIs, and operational measures.
- Build/maintain a security metrics library including:
- Metric definitions (name, intent, formula, thresholds)
- Risk mapping (control objectives, risk statements)
- Tiering and criticality (enterprise vs domain vs team level)
- Target ranges and escalation logic
- Ensure metrics align to:
- Enterprise risk appetite/tolerance
- Security strategy and OKRs
- Regulatory or audit expectations (as applicable)
- Facilitate working sessions with security leaders to drive alignment on:
- Metric definitions
- Thresholds / limits
- Performance expectations
- Ownership and action plans
- Translate technical security outcomes into business-relevant language suitable for executives and non-technical stakeholders.
- Establish strong partnership with ERM, Audit, Compliance, and Technology leaders to ensure metric credibility and broad adoption.
- Drive implementation of metrics into reporting workflows and tooling (e.g., Power BI/Tableau, Archer, Service Now, Splunk, Jira, CMDB, EDR platforms).
- Partner with data engineering teams to automate metric feeds and reduce manual reporting.
- Define data requirements and map sources to metric logic.
- Build repeatable metric operational procedures:
- Refresh cycles
- Validations
- Approvals
- Artifact retention
- Develop executive-ready reporting packages for:
- Security leadership
- Technology leadership forums
- Risk committees / Board materials (as required)
- Provide analysis beyond the numbers:
- Trend drivers
- Root cause hypotheses
- Leading indicators vs lagging indicators
- Recommended actions
- Prepare talking points and narrative summaries to ensure metrics drive decisions - not just reporting.
- Establish controls to ensure metrics are:
- Accurate
- Complete
- Consistent across domains
- Traceable back to systems-of-record
- Implement documentation, QA checkpoints, and periodic metric reviews (e.g., quarterly definition validation).
- Enforce metric governance and reduce metric sprawl.
- Metrics design + governance mindset
- Executive presence / ability to brief leadership
- Strong facilitation and workshop leadership
- Ability to balance precision with pragmatism
- Data storytelling and narrative building
- Ownership mentality; proactive problem solver
- Established and published Security Metrics Library with approved KRIs/KPIs
- Implemented reporting for priority security domains with automated feeds
- Built executive dashboards with consistent definitions and thresholds
- Operationalized review cadence:
- Monthly operational reporting
- Quarterly threshold/definition reviews
- Reduced manual reporting and improved trust in security metrics
- SOC / incident response
- Vulnerability management
- IAM / PAM
- Cloud security
- App Sec / SDLC security
- Third party risk
- Experience with frameworks such as NIST CSF, NIST 800-53, ISO 27001, CIS Controls
- Experience with metric automation sources/tools:
- Splunk, Sentinel, Crowd Strike, Qualys/Tenable
- Service Now (IRM/GRC/Sec Ops)
- Archer
- Certifications (nice to have):
- CISSP / CISM / CRISC
- Security+ (if earlier-career senior)
- ITIL Foundation
- Experience building KPI/KRI governance or measurement programs
- Prior banking or financial institution experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×