Information Security Threat Analyst

Summary

Description Summary of This Role

The Insider Risk Threat Analyst is an essential part of Global Payment’s Global Security Operations Management (GSOM). The Insider Risk Threat Analyst perform monitoring, inquiries, and assist during active investigations for the identification of fraud and provide expert support in the development of controls for detection/deterrence. This role will also drive the Insider Threat Program through on-going development of Insider Threat Program to drive tooling, data efficacy, fraud strategy for detections, high fidelity alerting, and examinations. All investigative work will require leveraging a combination of electronic evidence, internal resourcing, review of administrative controls, and conversations/interviews with potential subjects. The analyst must be comfortable with investigating insider activity surrounding fraud across complex technology stacks, working with incomplete facts, developing investigative tasking, driving investigative direction, and the tenacity to bring cases to closure.

What Are We Looking For in This Role?

Minimum Qualifications

• 1-2 years of insider threat monitoring, fraud examination, and/or fraud strategy development experience.
• Experience with conducting corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
• Experience with User and Entity Behavior Analytics (UEBA), Fraud Strategy Rule Engines, and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
• Experience with cross cutting technology stacks that include both on-prem and cloud resources
• Certifications - ACFE CFE, CERT ITPM, CFCI, CCCI, DFCP, DFCA, GCFE, CFCE, CFI, CFSR, or Similar Credentials.
  
  

Preferred Qualifications

• 1-2 years of insider threat monitoring, fraud examination, and/or fraud strategy development experience.
• Experience with conducting corporate investigations and detailed data analysis, presenting evidence orally and in writing for cases, and collaborating to mitigate gaps and reduce risk.
• Experience with User and Entity Behavior Analytics (UEBA), Fraud Strategy Rule Engines, and Data Loss Prevention (DLP) principles.
• Knowledge of computer forensics, incident response, threat-informed defense approaches, the MITRE ATT&CK framework, and cyber security principles.
• Experience with security technologies, such as EDR, DLP, CASB, UEBA, SIEM, IPS/IDS, PAM
• Experience with cross cutting technology stacks that include both on-prem and cloud resources
• Certifications - ACFE CFE, CERT ITPM, CFCI, CCCI, DFCP, DFCA, GCFE, CFCE, CFI, CFSR, or Similar Credentials
• Experience making remediation recommendations based on industry practice surrounding PCI, SOX, PHI, PII, GDPR, GLBA, and NIST CyberSecurity Framework
  
  

What Are Our Desired Skills and Capabilities?

• Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and flexible
• Strong written and oral communication skills across varying levels of the organization
• Excellent judgment and the ability to make quick decisions when working with complex situations
• Understand insider tactics, techniques and procedures(TTP) to aid in discovery and analysis of fraud related behaviors
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Performing Log forensics to discover insider TTP reactively to fraud alerting
• Establishing and Maintaining Chain of Custody as well as collecting and preserving evidence
• Insider Threat Program Management and Development based on evolving threats and business operating environments for fraud risk
• Conduct proactive data discovery for new trends among possible insider threat actors
• Author targeted playbooks for new/changed investigative processes
• Investigating across complex technology stacks consisting of a blend of components ranging from IAAS, PAAS, FAAS, SAAS across multiple cloud providers