Sr. Security Metrics & Reporting Analyst - 57332/57333

Duration: 8 months

Extension possible: Possibility - based off of business needs and performance

Conversion Possible: Possibility - based off of business needs and performance

Business Unit: 4 - Global Security and Defence (S_1017254)

Work Location: hybrid - 2 days on site, 3 days work from home - could be 4 days on site at some point.

- Anchor Days (if applicable): Flexible, Toronto, Ontario

Scope of Project: uplifting reporting space within GRC groups

Team Size/Culture: 10 people, collaborative working environment

Selling Points of Position (CVP): Opportunity for long-term, very high visibility work with leadership team, opportunity to network and grow within bank

CANDIDATE PROFILE DETAILS:

Degree/Level of Education: Post secondary is a nice to have - work experience is more important

Certifications Required: Nothing required

Years of Overall Experience: 5+ years of experience

How will performance be measured: hitting deliverables and timelines

Preferred/Ideal Candidate Background: banking or financial experience is an asset, strong BI tool experience and advanced level Excel skills

Role Summary

The Security Metrics & Reporting Analyst is responsible for the ongoing execution and maintenance of cybersecurity metrics, including KRIs, KPIs, and operational security performance measures. This role supports consistent reporting across security domains by ensuring metrics are refreshed on schedule, validated for data quality, and delivered through dashboards and reporting packages for leadership and key stakeholders.

This role focuses on business-as-usual (BAU) metrics operations, including data hygiene, dashboard maintenance, reporting production, and metric issue resolution-partnering closely with security domain teams, data owners, and analytics stakeholders.

Key Responsibilities

• Execute recurring security metric refresh processes (weekly, monthly, quarterly), ensuring deliverables are completed on schedule.
• Maintain metric reporting calendars and confirm metric owners provide inputs within defined timelines.
• Track metric completion, dependencies, and exceptions.
• Maintain dashboards and reporting outputs (e.g., Power BI/Tableau), including:
• scheduled refresh validation
• visual checks and formatting consistency
• metric drill-down updates and annotations
• Produce recurring executive and operational reporting packages (monthly security scorecards, ops reviews, risk reports).
• Perform quality checks to validate data completeness and integrity, including:
• variance analysis (e.g., large month-over-month changes)
• missing / delayed data flags
• logic validation (formula checks, filters)
• Document data quality issues and coordinate with data owners to resolve.
• Maintain metric definitions, calculation references, and source system documentation.

MUST-HAVE Hard Skills:

1.) 5+ years experience in reporting, analytics, operations, cybersecurity support, IT risk, or compliance functions.

2.) Proficiency with:

-Excel (intermediate-advanced)

-PowerPoint (clear reporting packages)

-At least one dashboarding tool (Power BI / Tableau / Qlik preferred)

NICE-TO-HAVE

1.) Familiarity with one or more cybersecurity domains.

-SOC / incident response metrics

-vulnerability metrics

-IAM metrics (joiner/mover/leaver, access recertification, PAM coverage)

-security awareness / phishing metrics

2.) Experience with security tooling data sources:

-ServiceNow, Archer

-Splunk / Sentinel

-Tenable / Qualys

3.) Knowledge of common security frameworks (NIST CSF, ISO 27001)

Interview process: 1-2 steps, virtual, 30 minutes