Insider Risk Analyst
| Company | Western Alliance |
|---|---|
| Location | Dallas, TX, USA |
| Salary | Not Provided |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Junior, Mid Level |
Requirements
- 2+ years of related experience.
- Bachelor’s degree in related field required.
- Entry level to intermediate knowledge of general Financial Services or Banking is preferred.
- Entry level to intermediate knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards and practices.
- Intermediate experience with providing knowledge of cybersecurity policies and procedures, Privacy principles and practices, and vulnerability assessment tools and techniques.
- Intermediate knowledge of the risks and controls associated with Cybersecurity Program domains including Identity & Access, Data Protection, Threat/Vulnerability Management, BCP/DR, security governance & assessment, security training & awareness, network security, cloud security, emerging technology controls (e.g. AI, blockchain), third-party suppliers, security operations, etc.
- Proven experience using analytical and data visualization tools to automate the analysis of a large dataset and correlate with other sources of information.
- Understanding and/or working knowledge of insider risks relevant to Financial Services and Banking.
- Working knowledge of Azure, Azure SQL and serverless compute environments.
- Experience working with APIs, data warehouses or data marts involving the extraction, transformation, and loading of data in a financial services environment.
- Proficiency in Power BI development and creation of business intelligence data visualizations.
- Experience with SQL for data manipulation and extraction.
- Knowledge of Data Analysis Expressions (DAX) for creating calculations.
- Working knowledge of CMU Insider Threat Framework, MITRE ATT&CK Framework, Cyber kill chain, TTP, threat intelligence, malware triage.
- Understanding of various cybersecurity attacks conducted on systems, networks, and applications.
- Strong analytical skills; self-motivated, detail-oriented and a team player.
- Willing to learn and work in a collaborative manner with peers and team.
- Able to work under pressure during critical situations.
- A passion for cybersecurity and data security.
- Entry level speaking and writing communication skills.
Responsibilities
- Facilitate initial Insider Risk investigations by analyzing and verifying information through various data sources and tools such as Data Loss Prevention, Endpoint Detection and Response, Network Traffic Analysis and Deceptive Technology to detect malicious lateral movement and privilege escalation in on-prem and cloud environments.
- Identify the technical requirements for accessing data for insider risk analysis.
- Provide actionable Insider risk analysis for remediation on all escalations.
- Facilitate Triage of potential Insider Risk events with cross-functional partners.
- Collaborate with internal teams to drive Insider Risk program continuous improvement.
- Assess and make recommendations for improvement and refinement of use cases, software tools, and other risk reduction methods used to improve the Insider Risk Program.
- Create analytical and data visualization tools to automate the analysis of large datasets, correlate them with other sources, and apply advanced analytics to identify insider anomalies.
- Develop insider risk indicators that fuse data from multiple sources.
- Maintain an operational data store for insider risk and security program data in a secure manner and according to industry best practices and regulatory requirements.
- Develop and implement software and data applications in both our existing stack (SQL Server on Azure VM, Python on Azure Linux VM) and coding for our planned future state (Azure SQL, Azure Linux VM, Master Data Management, etc.).
- Stay current with the latest cyber threats, attacks, and vulnerabilities, and keep up to date with evolving and emerging attack techniques and methods.
- Maintain and update related insider risk artifacts such as IT Standards and Standard Operating Procedures and carry out activities specified in these documents.
- Participate in various cybersecurity exercises such as cyber tabletop and BCP.
Preferred Qualifications
- CompTIA Security+, CompTIA A+, GIAC Information Security Fundamentals (GISF), or Certified Information Systems Auditor (CISA) preferred.