Cyber Security Analyst, Metrics

Working across the full Cyber Security function, the role defines and matures meaningful performance metrics to assess the effectiveness of detective and protective controls, identify emerging risks and trends, and support data-led decision making at both operational and senior leadership levels.

By ensuring security performance is measurable, transparent, and aligned to organisational risk appetite and regulatory expectations, this role directly enables continuous improvement of the organisation’s security posture.

Success requires strong analytical capability, commercial awareness, and the ability to translate complex technical data into clear, credible insights for a wide range of stakeholders

• Collect, aggregate, and manage cyber security telemetry and metrics from across security tools, platforms, and processes.
• Analyse security data to identify trends, emerging risks, control effectiveness, and improvement opportunities.
• Produce clear, accurate, and timely reports for both technical teams and senior stakeholders.
• Provide insight-led recommendations to enhance detective and protective security controls
• Support risk and compliance activities through evidence-based metrics and analysis.
• Track progress against cyber initiatives, control enhancements, and assurance actions to ensure measurable outcomes.

• Ability to define meaningful security metrics that drive insight rather than activity reporting, aligned to KPIs and business goals.
• Strong analytical skills with the ability to identify trends, risks, and improvement opportunities from complex data sets.
• Experience producing high-quality reports, dashboards, and presentations tailored to different audiences.
• Ability to translate technical security data into clear, actionable business insight.
• Strong stakeholder engagement skills with a proven ability to build trusted working relationships.
• Knowledge of data visualisation or reporting tools such as Power BI, Tableau, Service Now and operational databases.
• Strong understanding of cyber security principles, controls, and operating models.
• Experience working within a Cyber Security Governance, Risk & Assurance function.
• Familiarity with industry frameworks and standards such as ISO/IEC 27001, NIST CSF, NIST 800-53, or similar.