Job Description
The Impact you will have in this role:
Reporting to the Director of Defensive Cyber Operations, the Insider Threat Manager is responsible for leading a team of investigators who monitor, detect, and proactively prevent insider threats. This role provides both people leadership and technical direction, ensuring the threat hunt program is intelligence-informed and aligned with organizational risk priorities, regulatory expectations, and industry best practices.
As a first-line manager, you are accountable for the day-to-day execution and continuous improvement of the Insider Threat program. You leverage your expertise in adversary tradecraft, telemetry analysis, and detection engineering, while developing and empowering investigators to operate as high-performing cyber defenders. You play a critical role in Cyber Security Operations and partner closely with Cyber Monitoring & Incident Response, Cyber Threat Hunt, Cyber Threat Intelligence, Detection Engineering, and Offensive Cyber Operations.
Your Primary Responsibilities:
- Be accountable for the operational performance and effectiveness of the team.
- Lead, mentor, and develop a team of investigators, fostering a culture of curiosity, rigor, and continuous improvement.
- Plan, prioritize, and oversee investigations and proactive risk reduction actions based on Threat Intelligence, Lessons Learned, and Risk Signals.
- Translate high-level threat intelligence and organizational risk into actionable hunt objectives and execution plans.
- Ensure consistent use of defined methodologies, documentation standards, and quality review processes.
- Partner with Cyber Monitoring & Incident Response to transition investigation findings to incident response activities when applicable.
- Identify visibility gaps, control weaknesses, and tooling limitations; collaborate with stakeholders to remediate issues.
- Develop, track, and report key metrics, including coverage, outcomes, and impact, to leadership and stakeholders.
- Communicate findings and trends clearly through high-quality written reports and presentations tailored to technical and non-technical audiences.
- Support regulatory, audit, and risk management inquiries related to insider threats.
- Act as an escalation point for high-priority investigations, investigative questions, or urgent threat activity.
- Promote and evangelize the value of proactive insider risk reduction throughout the organization.
- Participate in on-call escalation and perform emergency after-hours work when required.
- Travel to conferences, training, and other company offices as needed (up to ~30%).
**NOTE: The Responsibilities of this role are not limited to the details above.**
Qualifications:
- Minimum of 8 years of relevant experience
- Bachelor's degree and/or equivalent experience
Talents Needed for Success:
- 5+ years of cybersecurity experience, including hands-on experience in insider threat, cyber security engineering, data loss prevention, incident response, or adversary emulation.
- 2+ years of experience as a people manager, team lead, or program lead with a proven ability to develop technical talent.
- Experience building, operating, or maturing an insider threat capability.
- Strong understanding of adversary tactics, techniques, and procedures (e.g., MITRE ATT&CK).
- Demonstrated ability to lead teams in executing complex technical investigations and analysis.
- Ability to translate high-level objectives into actionable plans, tasks, and measurable outcomes.
- Excellent written communication skills, including the ability to produce detailed analysis, findings, and recommendations.
- Strong verbal communication and presentation skills, with the ability to brief stakeholders at multiple levels.
- Ability to convey complex technical concepts clearly to both technical and non-technical audiences.
- Proven ability to manage competing priorities and respond effectively in time-sensitive situations.
- High emotional intelligence, sound judgment, and a collaborative leadership style.
- Strong personal drive to contribute to and sustain a high-performing cyber security team.
The salary range is indicative for roles at the same level within DTCC across all US locations. Actual salary is determined based on the role, location, individual experience, skills, and other considerations.
About the Team
Enterprise Product & Platform Engineering transforms the way we deliver infrastructure to our business clients. A key construct of EP&PE will be the evolution of the IT Product Manager, who will partner with the Engineering organization, the Business Aligned Service Delivery organization, the DevSecOps organization as well as our operational support teams to ensure that this organization provides high quality, commercially attractive and timely solutions to support our business strategy.