Sr Cybersecurity Metrics Analyst
We’re looking for a metrics-savvy, hands-on senior individual with extensive Security Metrics experience to support our security programs development in operationalizing cybersecurity metrics, including but not limited to Incident Response, Vulnerability Management, Threat Management, Prevention and Coverage(Network, Endpoints, DMARC, etc.), Identity & Access Management, Data Security. The candidate must have strong operational knowledge of the security tool landscape and have a track record of building insights from metrics reporting and managing security metrics data and dashboards. This role is integral to Cybersecurity program maturity and works directly alongside the Security Architecture / Engineering, Security Operations, Cyber Risk Governance, Tech Infrastructure, and Network teams. Primarily responsible for collecting and summarizing security metrics and presenting them in an effective reporting format according to specifications approved by the CISO
- Gather cyber metrics and identify opportunities to operationalize portfolio of security metrics.
- Lead cyber metrics tool selection for reporting
- Strong experience in HITRUST, ISO metrics
- Engage with teams to capture security operational metrics and build data for CISO dashboard.
- Collaborate and create roadmaps outlining plans for developing and operationalizing Information Security metrics
- Communicate with individuals and teams responsible for security controls to document, understand, and report the full context around Information Security metrics performance.
- Assist with assigned operational excellence activities or projects that support process improvements across the Information Security organization. Provides input to drive process improvements.
- Provide consistent updates to CISO dashboards on weekly and monthly basis
- Create trend analysis and create reporting based on those trend insights to highlight opportunities for performance improvement, risk reduction, improved efficiency, and cost reduction
- Strong experience with security metrics and measurements understand how to measure monitoring/IR processes and report on historical data
- Partner with Security Operations (SecOps) Engineers to operationalize security metrics reporting
Knowledge and Skills
- Strong Security metrics and reporting
- Strong knowledge of tools to capture security metrics and build visually engaging security dashboard
- Strong critical thinking to evaluate insights from metrics and trend-analysis
- Ability to manage tasks independently without close supervision and take ownership of responsibilities
- Strong communication skills in presenting technical concepts of security
- Proficiency in Microsoft tools such as Outlook, Excel etc. and project management tools such as JIRA
- Knowledge of agile methodologies
- Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
- 5+ years related work experience
- Bachelor’s degree in an IT related field or equivalent IT, IT Infrastructure and/or Cybersecurity work experience
- CISSP or equivalent
Estimated Salary Range for this position: $84,000 - $112,000
The base salary range represents the anticipated low and high end of the GHX’s salary range for this position. The base salary is one component of GHX’s total compensation package for employees. Other rewards and benefits include: health, vision, and dental insurance, accident and life insurance, 401k matching, paid-time off, and education reimbursement, to name a few. To view more details of our benefits, visit us here: https://www.ghx.com/about/careers/
GHX: It's the way you do business in healthcare
Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes.
GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions.
It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe, Illinois, Florida, and Nebraska.
Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement.
GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated.