Cybersecurity/Information Security Specialist – Risk governance & IAM/PAM
Are you experienced in cybersecurity metrics and risk reporting? Apply Now!
Working with one of our top financial clients, this role calls for a Cybersecurity/Information Security Specialist – Risk governance & IAM/PAM. This position involves designing and governing enterprise security performance metrics, partnering with cyber domain leaders, and translating security outcomes into actionable insights for senior leadership. It offers a unique opportunity to contribute to high-visibility projects within a collaborative environment, supporting long-term growth and development.
Responsibilities
- Lead the design and ongoing refinement of security metric taxonomy, including KRIs, KPIs, and operational measures
- Build and maintain a comprehensive security metrics library with clear definitions, risk mappings, tiering, and escalation procedures
- Ensure metrics align with enterprise risk appetite, security strategy, and regulatory requirements
- Facilitate stakeholder engagement sessions to drive alignment on metric definitions, thresholds, and ownership
- Translate technical security outcomes into language suitable for non-technical audiences
- Collaborate with data engineering teams to automate metric feeds and reduce manual reporting efforts
- Define data requirements, map sources to metrics, and establish operational procedures for report refreshes and validations
- Develop executive-ready reporting tools and dashboards for security and technology leadership, risk committees, and boards
- Provide analysis of trends, root causes, and performance indicators to inform decision-making
- Implement controls to ensure metric accuracy, completeness, and consistency across domains
- Maintain documentation, perform periodic reviews, and enforce governance to reduce metric sprawl
Desired Skill-Set
- 8+ years of experience supporting cybersecurity metrics, cyber risk reporting, or related BI functions
- Strong understanding of cybersecurity domains such as SOC, vulnerability management, IAM/PAM, cloud security, AppSec, and third-party risk
- Advanced proficiency in Excel and PowerPoint for data analysis and executive storytelling
- Hands-on experience with BI tools such as Power BI, Tableau, or Qlik
- Excellent written and verbal communication skills
- Confidence in presenting to executive audiences
Nice to Have
- Familiarity with frameworks like NIST CSF, ISO 27001, CIS Controls
- Experience with metric automation platforms such as Splunk, Sentinel, CrowdStrike, Qualys, or ServiceNow
- Professional certifications (e.g., CISSP, CISM, CRISC, Security+)
- Background in KPI/KRI governance programs
- Prior experience in banking or financial services
BeachHead is an equal opportunity agency and employer. We advocate for our candidates and welcome applicants regardless of race, color, religion, national origin, sex, age, or physical or mental disability. BeachHead or our clients may use technology-enabled tools, including automation and artificial intelligence (AI), to support parts of the recruitment process such as resume screening, application management, and candidate matching. These tools assist our recruiters and our clients, and do not replace human decision-making. This job posting represents a current or anticipated vacancy. The position may be filled at any time, and the posting may be removed without notice once the role has been filled.