IT - Info Security Analyst V -cybersecurity metrics, cyber risk reporting, SOC

RETURNING MANAGER FOLLOW-UP QUESTIONS: Previous JP#: Feedback from last time & Areas of Opportunities: ASSIGNMENT DETAILS: Position Title: US - IT - Info Security Analyst V (US equivalent of TDJP00057333) # of positions: 2 Start Date: ASAP Duration: 8 months Extension possible: Possibility based off of business needs and performance Conversion Possible: Possibility based off of business needs and performance Billing Cost Center: 1274 Business Unit: 4 - Global Security and Defence (S_1017254) Schedule: M-F, core business hours 40 hours per week, 8 hours per day OT: No Rotation: No Work Location:

• Remote, Onsite, or Hybrid: hybrid if they live near a hub or remote if they do not
• Anchor Days (if applicable): N/A
• Address: we will discuss hub and remote details in the supplier call tomorrow Travel Required: No Possibility of any Additional Upcoming Furlough: Standard STORY BEHIND THE NEED: Reason for request/why opened: Project support Scope of Project: uplifting reporting space within GRC groups Team Size/Culture: 10 people, collaborative working environment Training Period: TD onboarding and hit the ground running Selling Points of Position (CVP): Opportunity for long-term, very high visibility work with leadership team, opportunity to network and grow within bank ADMIN/CLERICAL ONLY: Back-office vs Telephone work: CANDIDATE PROFILE DETAILS: Degree/Level of Education: Post secondary is a nice to have work experience is more important Certifications Required: Nothing required Years of Overall Experience: 8+ years with flexibility How will performance be measured: hitting deliverables and timelines Preferred/Ideal Candidate Background: banking or financial experience is an asset, strong BI tool experience and advanced level Excel skills SUMMARY OF THE ROLE:
• Typical Day-to-Day Responsibilities
• How much time is being spent in meetings 25% of their day will be spent in meetings
• Who are they interacting with (internal/external) internal partners
• Will the contractor have access to any customer data? No Role Summary The Senior Security Metrics and KRI Design Analyst is responsible for defining, governing, and driving adoption of enterprise security performance metrics, including Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and operational security metrics. This role partners with cyber domain leaders (IAM, SOC, Vulnerability Management, GRC, Cloud Security, AppSec, Third Party Risk, etc.) to translate security strategy and risk appetite into measurable outcomes, and to ensure metrics are implemented, trusted, automated, and consumed by operational teams and executives. This role is accountable for full lifecycle delivery: strategy -> design stakeholder alignment implementation data quality reporting continuous improvement. Key Responsibilities 1) Metrics Strategy, Design & Standardization
• Lead design and ongoing evolution of security metric taxonomy, ensuring consistent definitions for KRIs, KPIs, and operational measures.
• Build/maintain a security metrics library including:
• metric definitions (name, intent, formula, thresholds)
• risk mapping (control objectives, risk statements)
• tiering and criticality (enterprise vs domain vs team level)
• target ranges and escalation logic
• Ensure metrics align to:
• enterprise risk appetite/tolerance
• security strategy and OKRs
• regulatory or audit expectations (as applicable) 2) Stakeholder Engagement & Socialization
• Facilitate working sessions with security leaders to drive alignment on:
• metric definitions
• thresholds / limits
• performance expectations
• ownership and action plans
• Translate technical security outcomes into business-relevant language suitable for executives and non-technical stakeholders.
• Establish strong partnership with ERM, Audit, Compliance, and Technology leaders to ensure metric credibility and broad adoption. 3) Implementation Leadership (Build & Operationalize)
• Drive implementation of metrics into reporting workflows and tooling (e.g., Power BI/Tableau, Archer, ServiceNow, Splunk, Jira, CMDB, EDR platforms).
• Partner with data engineering teams to automate metric feeds and reduce manual reporting.
• Define data requirements and map sources to metric logic.
• Build repeatable metric operational procedures:
• refresh cycles
• validations
• approvals
• artifact retention 4) Reporting, Insights & Executive Readouts
• Develop executive-ready reporting packages for:
• Security leadership
• Technology leadership forums
• Risk committees / Board materials (as required)
• Provide analysis beyond the numbers:
• trend drivers
• root cause hypotheses
• leading indicators vs lagging indicators
• recommended actions
• Prepare talking points and narrative summaries to ensure metrics drive decisions not just reporting. 5) Data Quality, Controls, and Governance Establish controls to ensure metrics are:
• accurate
• complete
• consistent across domains
• traceable back to systems-of-record
• Implement documentation, Q

Apply tot his job Apply To this Job