The Insider Risk Analyst is responsible for identifying, analyzing, and mitigating potential insider risks to the organization. This role involves monitoring and assessing data to detect suspicious activities, policy violations, and vulnerabilities that could compromise the confidentiality, integrity, and availability of the company's information assets.The Insider Risk Analyst will work closely with various departments, including IT, HR, and others in Legal, to ensure a comprehensive approach to insider risks and data management.
Essential Job Functions
- Conduct thorough analysis of data to identify potential insider risks and vulnerabilities.
- Monitor user and entity behavior analytics (UEBA) and related telemetry to detect anomalous behaviorand suspicious activity.
- Utilize security information and event management (SIEM) tools to analyze logs and alerts.
- Support DLP policy tuning, alert review, and compliance monitoringto reduce unauthorized data exfiltration.
- Support the guidance on the deployment and tuning of user activity monitoring (UAM) signatures to detect policy violations.
- Collaborate with cross-functional teams to triage, investigate and respond to insider risk incidents.
- Provide detailed assessments and reports on identified threats, vulnerabilities, and policy violations.
- Recommend risk-based mitigation strategies and control improvements to strengthen the organization's security posture.
- Stay updated on the latest trends, tactics, and developments in insider risk detection and prevention.
- Conduct training and awareness programs for employees to promote a culture of integrity, security and compliance.
Job Requirements
- Bachelor's degree in Cybersecurity, Information Technology, or a related field. Advanced degree preferred.
- Minimum of 1-2 years of experience in cybersecurity preferred.
- Proficiency with cybersecurity tools and technologies, including SIEM, UEBA, EDR, UAM, and Microsoft Purview and Microsoft Defender are preferred.
- Strong analytical and problem-solving skills with the ability to triage alerts, correlate multiple data sources, and identify trends and patterns.
- Excellent verbal and written communication skills, with the ability to document investigations clearly and convey technical information to non-technical stakeholders.
- Ability to work both independently and collaboratively in a fast-paced environment.
- Relevant certifications such as CISSP, CISM, CIPP, or CERT Insider Threat Program Manager are highly desirable. Experience in conducting confidential investigations and handling digital evidence.
- Experience with operating system, cloud access, and web proxy event logs is preferred.
- Experience and skills in other areas of compliance will be considered.
- Knowledge of cybersecurity and privacy laws and regulations.
NOTE: This job description is not intended to be all-inclusive. Employee may perform other related duties as negotiated to meet the ongoing needs of the organization.