FLEX Manager, Insider Threat Management

JOB SUMMARY

The Manager Insider Threat Incident Response Analyst will respond to potential insider threat incidents by reviewing/analyzing data from a variety of data security and data loss prevention tools; and collaborating with multiple areas of the business to determine root cause of the events to make recommendations on how to improve our data loss prevention systems to mitigate insider risk. Knowledge of payment card data personally identifiable information (PII) and other sensitive data types is required. Through a strong understanding of insider threat behavior and data security events and incidents helps track and manage metrics (KPI/KRI) to ensure the advancement of the program across the enterprise while mitigating risk to the organization.

Required Experience and Education

• 5 years of experience in Information Security 3 years of experience in cybersecurity and/or insider threat incident response that must include experience in:
• Experience with data loss/information protection solutions (Splunk Netskope Microsoft O365 etc.)
• Identification of potential insider threat tools tactics and procedures (TTPs) Security data analysis from a variety of sources and tools including contributing to DLP policy/alert creation and maintenance.
• 1 year of experience with Windows log analysis and memory forensics Network traffic analysis
• Undergraduate degree in computer science or related field or equivalent work experience
• Ability to work flexible schedule that may include shift work.

Attributes and Preferred Experience:

• Development of incident response assessments and other similar reporting (demonstrated writing & comms skills). Experience in a similarly sized organization with significant complexity.
• Strong time management skills to balance multiple activities.
• Security Certification (i.e. GCIH GCFA CCSP OSCP etc.)
• Experience with DLP tools and/or methodologies to enhance insider threat incident response procedures.
• Experience responding to cyber events in public cloud environments such as AWS Azure Google Cloud etc. CORE

Work Activities:

• Conducts data security incident analysis in support of Marriotts Insider Threat Management Program working to help develop and maintain playbooks to ensure effective and efficient response processes and procedures.
• Handle escalations from internal and external sources to quickly triage and respond to potential insider threat incidents as needed.
• Develop and present comprehensive reports for both technical executive and non-security stakeholder audiences.
• Provide technical subject matter expertise related to projects and initiatives that advance the maturity and capability of Marriotts security program.
• Develop and follow detailed operational processes and procedures to appropriately analyze escalate and assist in the remediation of information security-related incidents.
• Apply technical acumen and analytical capabilities to speed and enhance response.
• Work in a flexible environment including shift work as required to meet business and operational needs.
• Maintaining Goals Submits reports in a timely manner ensuring delivery deadlines are met.
• Promotes the documenting of project progress accurately.
• Provides input and assistance to other teams regarding projects.
• Managing Work Projects and Policies Manages and implements work and projects as assigned.
• Generates and provides accurate and timely results in the form of reports presentations etc.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Provides timely accurate and detailed status reports as requested.
• Demonstrating and Applying Discipline Knowledge
• Provides technical expertise and support to persons inside and outside of the department.
• Demonstrates knowledge of job-relevant issues products systems and processes.
• Demonstrates knowledge of function-specific procedures.
• Keeps up-to-date technically and applies new knowledge to job. Uses computers and computer systems (including hardware and software) to enter data and/ or process information.
• Delivering on the Needs of Key Stakeholders Understands and meets the needs of key stakeholders.
• Develops specific goals and plans to prioritize organize and accomplish work.
• Determines priorities schedules plans and necessary resources to ensure completion of any projects on schedule.
• Collaborates with internal partners and stakeholders to support business/initiative strategies.
• Communicates concepts in a clear and persuasive manner that is easy to understand.
• Generates and provides accurate and timely results in the form of reports presentations etc.
• Demonstrates an understanding of business priorities.