Insider Threat Lead Analyst( Hybrid)

Citi Security & Investigative Services (CSIS) Intelligence combines specialized global intelligence research and analytical resources in support of investigations and security incidents.

We are a quickly evolving organization within CSIS charged with solving some of the most challenging intelligence and analytical questions posed to Citi. The work we do will engage your whole brain (as well as a fair amount of your time) and our most impactful achievements have one crucial feature in common: Colleagues who embrace our three Citi Leadership Principles.

+ We Take Ownership * #ThinkingOutsideTheBox #ProblemSolvers

+ We Deliver with Pride * #MakingAnImpact #LifeLongLearners

+ We Succeed Together * #Respect #DreamTeam

Citi is a great place to work, and we do some pretty cool stuff. So, if you think you are up for it, see if these apply to you:

• I enjoy working in a creative and high-paced environment where no two days are the same

• I am self-aware and use this ability to stay flexible and direct my behavior positively

• I enjoy being part of a diverse, multicultural, and globally dispersed team

• I communicate openly with others, share my ideas constructively, and listen actively

• I value being surrounded by talented, committed, and supportive colleagues

• I want my work to be meaningful and impactful

• I like to solve problems collaboratively, to be challenged intellectually, and want to take charge of my own career

• I embrace change with agility and a positive attitude
  

A little about this role:

The Citi Security and Investigative Services (CSIS) Insider Threat Lead Analyst position requires a high level of domain expertise in area of Insider Threat. The analyst will provide stakeholders with customized, advanced, professionally crafted intelligence, research, and analytical products. The analyst will be responsible for routinely evaluating Insider Threat tradecraft and methodologies to identify potential areas for improvement and/or gaps in the industry and developing training plans for the team’s analysts on these identified methodologies. This analyst will work within the Insider Threat program in collaboration with CSIS Investigations and Security across the globe.

Based in Tampa, Florida, this individual contributor position will report to the global CSIS Insider Threat Manager. In support of CSIS global functions, the incumbent will provide strategic, tactical, and operational analysis as part of the overall Insider Threat program.  This position will encompass reviewing CSIS investigations (related to Fraud, Conduct, and Cybersecurity) for Insider Threat or risk potential, conduct in-depth analysis of various data sets related to identity and access management, authorization mechanisms, security architecture, network components, and proxy logs. This role will provide training and awareness activities to appropriate business partners and managers within the organization and provide advice and assistance to ongoing investigations. This position will collaborate on the development of policies and procedures governing these intelligence programs.  This position will contribute to and provide guidance on the establishment of processes, procedures, and playbooks, oversee assigned consultations and analytical products, and identify opportunities for program improvement. This position will also identify opportunities to mentor, coach, and ensure professional development of other investigators and analysts as necessary.

Key Responsibilities/ Day to Day Activities

• Collect Insider Threat intelligence from various sources relevant to the firm and the industry to conduct risk assessments.

• Analyze the insider risks and potential impact of an incident and make recommendations on controls and mitigation.

• Develop and lead training engagements based on identified internal and external Insider Threat trends, activities and methodologies.

• Brief findings from Insider Threat cases to improve behavioral baselines, update network analysis, and improve indicators to identify future threats.

• Assist with consultation engagements across CSIS investigations.

• Develop leads through engagements with global and regional partners.

• Update workflows and process to ensure alignment with CSIS investigation programs.

• Gather both technical and non-technical data, analyze information and draw conclusions supported by facts, and develop written reports of findings.

• Identify and incorporate technologies able to facilitate incident management and referrals.

• Create presentations and brief senior managers.

• Liaison with a broad network of partners and peer institution levels to develop best practices.

• Knowledge of a second language is plus.   

• Create, develop, and update charter, runbooks, playbooks, workflows, processes, procedures, and other documentation as needed.

• Help track and manage metrics (KPIs/KRIs) to ensure the advancement of the program.

• Other duties as assigned.    

Job Qualifications

The CSIS Insider Threat Lead Analyst position is a high visibility, experienced position requiring proven experience in intelligence analysis and being part of quickly developing programs in a corporate setting. If you have the following, we would like to talk to you:

Work Experience:

• Minimum of 7 years of combined experience in Insider Threat, Counterintelligence, or Intelligence.

• Experience in analyzing and investigating insider threat incidents, identifying risks, and recommending controls.

• Familiarity of corporate insider threat tactics, techniques, and procedures.

• Familiarity with the Intelligence cycle.

• Proven track record of a taking a mitigation approach to detect and identify, assess, and manage an insider threat program or similar activity.

• Broad knowledge of business processes including business operations, information technology, security, fraud and misconduct investigations, and intelligence production.

• Experience in creating standard operating procedures, guidelines, processes, and intelligence product lines.

• Experience coordinating several projects simultaneously and oversee the execution of daily duties with minimal supervision.

• Strong organizational and facilitation skills.

• Experience in policy development, implementation, and training.

• Experience with enterprise level software tools to analyze large data sets and system logs.

• Experience with host-based insider threat detection tools and advanced analytic methodologies.

• Experience in advising senior management.

• Experience in working with Insider Threat regulations and information security reports.

• Proven track record of strategic thinking and finding business focused compliance solutions.

• Experience with enterprise level software tools to analyze large data sets and system logs (i.e. Splunk Microsoft Purview).

• Experience with host-based insider threat detection tools and advanced analytic methodologies (i.e. DTEX, Symantec DLP).

Qualifications:

• Minimum BA, preferred, post graduate degrees welcomed

• Demonstrated self-starter and resourceful individual, with experience of operating in fast paced and dynamic operational settings.

• Broad professional experience, including prior international work experience/travel or experience working as part of a globally dispersed team an advantage.

• Excellent communication and presentation skills. Ability to effectively communicate, both orally and in writing, through all levels of the organization.

• Self-motivated with the ability and maturity to make decisions in the absence of detailed instructions.

• Ability to identify risk, notify stakeholders, and inform leadership of the risk posed along with courses of action.

• Ability to maintain client relationships to exceed client satisfaction related to CSIS Insider Threat services and products.

• Process oriented and able to develop and describe process to a broad audience of varied backgrounds.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

• Insider Threat Program Manager certificate a plus.
• Some corporate experience a plus.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting