Security Metrics & Reporting Consultant

Security Metrics & Reporting Consultant

Location: London (Hybrid)

Albany Beck is rapidly scaling its Cyber Security Risk Practice, and we’re looking for a Security Metrics & Reporting Consultant to join us at the forefront of this exciting growth phase. You\’ll be part of a high-performing team supporting a global Financial Services organisation to build out a mature, regulatory-aligned Security Risk Function.

This is a strategic role with real visibility — driving how cyber risk data is measured, managed, communicated, and understood at all levels of the organisation, including the Board.

Key Responsibilities:

• Establish and manage the Security Risk reporting calendar, cadence, and communications across multiple stakeholders and functions.
• Define, develop, and maintain key security metrics, KRIs, and performance reporting frameworks aligned with regulatory and business priorities.
• Translate complex technical data into clear, meaningful reports for senior business and non-technical audiences.
• Create Board-level inputs and executive reporting packs with top-level narratives and insight-driven commentary.
• Ensure alignment with NIST frameworks and internal Cyber Risk Management principles.
• Identify, connect, and manage data sources, owners, systems, and submission cycles to ensure timely and accurate reporting.
• Conduct “check and challenge” analysis to interrogate risk data, understand trends, and communicate the “so what” clearly.
• Lead regular reviews of trending metrics and insights with the Executive Director and Head of Function.
• Engage regularly with IT, Security, and Business stakeholders to align risk reporting with organizational objectives.

What We’re Looking For:

• RSA Archer expertise or other GRC tooling
• Proven experience with NIST or other regulatory-aligned frameworks.
• Deep understanding of Cyber Risk Management principles.
• Exceptionally organized, with strong attention to detail and ability to manage multiple priorities.
• Strong written and verbal communication skills – able to produce technical and business-facing reports with clarity and precision.
• Confident in stakeholder management – able to work with and influence colleagues across Security, IT, Risk, and the wider business.
• Experience in producing executive and board-level reporting, metrics, and trend analysis.