Insider Threat Incident Response Analyst

The Sr Manager Insider Threat Incident Response Analyst will respond to potential insider threat incidents by reviewing/analyzing data from a variety of data security and data loss prevention tools; and collaborating with multiple areas of the business to determine root cause of the events to make recommendations on how to improve our data loss prevention systems and to mitigate insider risk. Knowledge of payment card data personally identifiable information (PII) Marriott intellectual property and other sensitive data types is required. Through a strong understanding of insider threat behavior and data security events and incidents helps track and manage metrics (KPI/KRI) to ensure the advancement of the program across the enterprise while mitigating risk to the organization.

5 years of experience in Information Security

3 years of experience in cybersecurity and/or insider threat incident response that must include experience in:

o Experience with data loss/information protection solutions (Splunk Netskope Microsoft O365 etc.) and case management systems such as Service Now.

o Identification of potential insider threat tools tactics and procedures (TTPs)

o Security data analysis from a variety of sources and tools including contributing to DLP policy/alert creation and maintenance.

6 months experience using Netskope Purview Splunk Exabeam and Crowdstrike or data from these systems to detect potential data leaks and prepare assessments.

Undergraduate degree in computer science or related field or equivalent work experience

Ability to work flexible schedule that may include shift work.

Development of incident response assessments and other similar reporting (demonstrated writing & comms skills) with demonstrated attention to details.

Experience in a similarly sized organization with significant complexity.

Strong time management skills to balance multiple activities.

Experience with DLP tools and/or methodologies to enhance insider threat incident response procedures.

Conducts data security incident analysis in support of Marriott s Insider Threat Management Program producing insider risk assessments when thresholds are met.

Collaborate with team members on assessments and other work products to improve results and processes.

Assist with the development and maintenance of insider risk playbooks to ensure effective and efficient response processes and procedures.

Handle referrals from internal and external sources to quickly triage and respond to potential insider threat incidents as needed.

Conducts content search using Microsoft Purview eDiscovery.

Provide technical subject matter expertise related to projects and initiatives that advance the maturity and capability of Marriott s security program.

Develop and follow detailed operational processes and procedures to appropriately analyze escalate and assist in the remediation of information securityrelated incidents.

Apply technical acumen and analytical capabilities to speed and enhance response.

Work in a flexible environment including shift work as required to meet business and operational needs.