cathaybank
$74,900 – $86,800/yr

Sr. Insider Risk Analyst

GENERAL SUMMARY

Our Information Security Team is responsible for identifying potential threats against the Bank and its workforce from internal and external threat actors and developing strategies to mitigate those threats to protect the Bank’s reputation, workforce, clients, and assets.

The Insider Risk Analyst supports the Insider Risk Program by monitoring and triaging insider-risk alerts, conducting multi-source analysis to determine context and risk, and documenting findings for appropriate escalation. Additionally, the Insider Risk Analyst will assist in assessing exfiltration paths, tuning security tools and policies, and providing Information Security training and awareness to the organization. This role partners closely with Human Resources, Legal, other Information Security teams, and Information Technology to coordinate investigations, recommend mitigation actions, and help ensure activities are performed in accordance with data privacy, legal, and regulatory requirements.

ESSENTIAL FUNCTIONS

Lead triage of insider-risk alerts generated by monitoring use cases and tools; validate activity, gather context, and determine appropriate disposition in accordance with approved procedures.
Respond to DLP alerts, monitor DLP consoles and analyze security events to identify potential data loss incidents.
Lead in-depth investigations of suspected insider threat incidents, including unauthorized access, data exfiltration, and policy violations.
Regularly review and fine-tune DLP and UEBA rules/policies to reduce false positives and improve detection accuracy.
Develop and implement insider threat detection use cases, alert rules, and incident response playbooks.
Assess potential insider threats by evaluating the risks associated with users, data, and systems.
Prepare clear case documentation and facilitate timely escalation or referral to investigators, HR, Legal, or other SMEs when thresholds are met; track outcomes and support coordination of mitigation actions.
Lead interviews with the business units and monitor external intelligence sources for notable insider-risk indicators and emerging tactics; contribute to analysis of trends to inform detection tuning and response playbooks.
Create and advocate for Team Member training and awareness on cybersecurity risks and best practices; design and track phishing simulation campaigns.
Support program governance by authoring documentation (e.g., procedures, roles and responsibilities, and control evidence) and by adhering to the established control environment.
Collaborate with stakeholders across the Bank and, as applicable, with external partners to stay abreast of industry trends and best practices in insider-risk monitoring, investigations, and privacy-aligned analytics.

QUALIFICATIONS

Education:
Undergraduate degree in Intelligence Studies, Forensic Science, Security Studies, Computer Science, Cybersecurity, Data Analysis or a related field or equivalent experience.
Behavioral Science/Behavioral Analysis/Behavioral Threat Assessment experience or training preferred.

Experience:
Minimum 5+ years of work experience supporting insider threat/insider risk, investigations, security operations, fraud, or risk analysis.
Preferred experience in or knowledge of financial industry.
Experience in or knowledge of fraud.
Preferred experience with User Activity Monitoring (UAM), User Behavior Analytics (UBA) principles and tools, rules and policy engines, other insider threat technical solutions and data analytics platforms.
Preferred experience supporting an insider threat/risk program or investigative team by assessing complex events, building narratives from multiple data sources, and recommending mitigation actions in coordination with cross-disciplinary partners.
Preferred experience conducting risk assessments and in-depth multi-source research on threat actors, tactics, techniques, and emerging trends to inform risk scenarios, evaluate control environment and develop mitigation strategies.

Skills/Ability:
Demonstrates the ability to work effectively with a diverse range of stakeholders across various levels of the organization.
Applies foundational elicitation skills, including building rapport, active listening, and asking thoughtful, open-ended questions to gather information.
Utilizes strong critical thinking skills to analyze information, solve problems, and make informed decisions.
Exhibits creativity in approaching challenges and developing innovative solutions.
Maintains a high level of confidentiality and exercises sound judgment and discretion when handling sensitive information.
Ability to build successful and sustainable relationships across all lines of business and with technical partners to develop solutions.
Ability to manage multiple cases and priorities simultaneously, meet deadlines, and maintain thorough, well-organized documentation.
Demonstrates analytical rigor and creativity to solve complex problems, identify meaningful patterns in data, and deliver practical, risk-based recommendations.

Technical:
Knowledge of DLP — network, endpoint, cloud; as one data source in the ecosystem
Knowledge of OSINT concepts — collection, managed attribution, legal boundaries
Knowledge of MITRE ATT&CK — TTPs mapped to insider threat scenarios
Awareness of privacy law constraints on monitoring (CCPA, state laws)
Knowledge of insider threat laws and regulations
Knowledge of networking (TCP/IP, DNS, DHCP, HTTP/S)
Knowledge of risk management processes and frameworks
Knowledge of OS fundamentals — user activity logs, file systems, process behavior
Knowledge of IP addressing, DNS resolution, basic network flow logs
Knowledge of CMU threat categories: IP theft, sabotage, fraud, espionage, unintentional
Knowledge of information collection tools and techniques

ON-GOING TRAINING

Each team member is required to complete all required training including Compliance and Bank Secrecy Act/Anti-Money Laundering training suitable to his or her position within the Bank.
Achievement of or willingness to pursue Insider Threat (e.g., CERT Insider Threat Program Manager, CCITP, GCITP, etc.), Counterintelligence, analytical and/or security (e.g., Security+, Network+, CEH) tradecraft training and certifications

OTHER DETAILS

$74,900 – $86,800 / year
Pay determined based on job-related knowledge, skills, experience, and location. This position may be eligible for a discretionary bonus.

Listing Details

Posted
June 11, 2026