CyberSecurity Metrics Analyst
Fortune 50 Healthcare
Brooksource is looking for Cyber Security Metrics Analyst within the Enterprise Information Protection group for a Fortune 50 client in the Healthcare space. A project is underway to identify, define, and measure critical controls within IT and cybersecurity to provide awareness into the control environment and security posture of the organization. The goal is to consolidate and automate processes and then create centralized dashboards that are repeatable and performable. The main groups that will be of focus are access control, vulnerability management, pen testing, segregation of duties, and policies/procedures.
We are looking for an individual to support the metric component of this effort. This role would focus on evaluated controls as they are defined to determine the ongoing measurements that need to be established to evaluate these controls on an ongoing basis. As part of identifying these measurements, the individual will work with the team who defined the control to ensure an understanding of the control objective. Once the control and control objective are clear, the individual will identify the measurements that should be in place to evaluate the control on an ongoing basis. Once the measurements have been established, the individual will work with the broader metrics team to identify if this metric is currently available within the environment, or, if this metric needs to be defined, data sources identified, and other key attributes documented.
- Experience in evaluating controls as part of an IT audit or assessment
- Experience in evaluating controls Information Security audit or assessment
- Exposure to common control frameworks (COBIT, COSO, ITIL, ISO, NIST CSF, CIS 18, etc.)
- Exposure to the quantification of controls and ongoing monitoring
- General understanding of IT and Security functions (Access Management, Threat and Vulnerability Management, Education & Awareness, Policy Management, etc.)
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.