TIAA Sr. Insider Threat Cyber Analyst in CHARLOTTE, North Carolina
Sr. Insider Threat Cyber Analyst
Location: United States, North Carolina, Charlotte
Post Date: 5 hours ago
As long as there are people who make the world a better place, we'll keep making a difference for them. Since 1918, it has been TIAA's mission to serve those who serve others. It is this mission and the values we embrace that make us a different kind of financial services organization.
When you work here at TIAA, you're not just in it for yourself. You are part of something bigger. A collective mission to make a difference - a collective mission we make our own.
To be difference makers.
For more information about TIAA,.
The Senior Insider Threat Cyber Analyst within the Cyber Investigations organization will report into the Manager of the Insider Threat Unit. This person will support the establishment and execution of the insider threat program and will conduct data analysis utilizing forensic and data mining tools to identify insider threat activity. They will collect, search, recover, and organize electronic information in all phases of investigations related to litigation, employee investigations, incident response and cyber security events. They will conduct user activity and network monitoring based on the results of data analysis, or specific inquiries from stakeholders including Human Resources, Internal Audit and other investigative partners. The Analyst must be able to identify potential data leaks and determine if information constitutes a violation of any company policies related to Personal Identifiable Information (PII) or Intellectual Property (IP). They will evaluate user activity to determine if the activity is within the user’s day-to-day responsibility or is potentially an abuse of privilege or unauthorized.
KEY RESPONSIBILITIES AND DUTIES:
Further the design and maturation of TIAA’s Insider Threat program
Develop and deliver stakeholder presentations which further the awareness and understanding of the insider threat program and capabilities
Conduct and triage anomalous events of concern using industry data loss prevention tools to include User and Entity Behavior Analytics (UEBA) and User Activity Monitoring (UAM) capabilities.
Propose and execute program initiatives, and collaborate with key stakeholders to create business value
Receive, evaluate and initiate the processing of cyber forensic investigations
User activity monitoring
Develop strategies to improve the efficiency and consistency of service delivery
Provision of report and statements in clear unambiguous language
Maintain a strong focus on case logs, repeatability and chain of custody
Identification of root cause in partnership with peer groups on remediation of control gaps/failures
Interact with and lead discussions with executives across different functions and lines of business
Maintain an awareness of industry challenges and advancements in order to add value to existing technologies and processes used within the team
Search and seizure of physical and logical evidence
Imaging of hard disk drives and other digital storage media
Digital forensic examination and analysis
Recovery of deleted files and folders, internet history, deleted emails, identification of attached devices, analysis of event logs and proxy logs
Network packet capture and analysis
Mentor junior analysts
Potential travel (occasional) related to investigative needs.
Minimum 7 years of IT experience
Minimum 4 years of experience in Cybersecurity
Minimum 2 years of experience working with at least one of the following enterprise SIEM tools (Splunk, ArcSight, LogRhythm, FireEye, CrowdStrike) or UBA (User Behavior Analytics).
Desired Skills (Preferred, not required):
Possess one or more of the following certifications: CFCE, CCE, EnCE, ACE, GCFA, CISSP, CFE or similar IT security certifications
Insider Threat program experience as a focus area within Cybersecurity
Strong knowledge of User Behavior Analytical concepts and products
Mix of intelligence, threat analysis, investigative experience, and technical skills related to cyber security and insider threats
3-5+ years in computer forensic investigations
Working knowledge of Data Loss Prevention controls (e.g. Symantec, McAfee, Websense)
Proven ability to self-direct project outcomes, with minimal supervision, to achieve program goals.
Working knowledge of conducting a forensics investigation
Hands on experience with an Incident Management Tool (RSA Archer, ServiceNow)
Hands on experience with user activity monitoring tools such as ObserveIT, Veriato 360 or similar product
Experience with databases, SQL, and data visualization tools
Experience with Windows, MacOS, Linux, iOS
Working knowledge of reviewing Windows, MacOS, or *NIX logs
Ability to build consensus and cooperation as well as the ability to interact, influence, and negotiate with leadership within the firm.
Ability to navigate and work effectively across a complex organization.
Experience in financial services including Retirements, Retail/Commercial banking, or another financial institution line of business (Brokerage, Insurance, or Asset Management)
Good understanding of data privacy laws and experience interacting with Legal and Compliance professionals
Equal Employment Opportunity is not just the law, it’s our commitment. Read more about the.
If you need assistance applying due to being visually or hearing impaired, please email.
This organization is an equal employment opportunity (EEO) employer, dedicated to maintaining a work environment free of bias, harassment, discrimination and retaliation. As an EEO employer, this organization expressly prohibits discrimination, harassment, and retaliation on the basis of race, creed, ethnicity, color, age, religion, sex, sex stereotype, pregnancy (including childbirth, breastfeeding or related medical conditions where applicable), sexual orientation, gender, gender identity, gender expression, transgender, marital status, national origin, ancestry, physical or mental disability, requesting a reasonable accommodation based on mental or physical disability, medical condition (as defined by applicable law), genetic history and information, citizenship status, military or veteran status, or any other status protected by federal, state, or local law or ordinance or regulation (collectively referred to here as “protected characteristics”).
*©2016 Teachers Insurance and Annuity Association of America (TIAA), 730 Third Avenue, New York, NY 10017
- Requisition ID: 1718002