Job Information

TIAA Lead Cybersecurity Manager, Insider Threat in LEWISVILLE, Texas


TIAA is the leading provider of financial services in the academic, research, medical, cultural and government fields. We offer a wide range of financial solutions, including investing, banking, advice and education, and retirement services.


The Insider Threat Management Operations (TMO) team members are required to keep an open mind and pivot quickly between activities based on priorities and ongoing intelligence. They need to be able to reach across teams to help drive understanding out of complex problems, keep a focused goal of producing intelligence, briefings, and recommendations for threat hunts and situations. They need to be creative in the face of gaps, and then help identify, consult, and support the resolution of gaps. This individual needs to have a history of leading a team that utilizes logs, tools, and manual processes to compare normal activity against malicious activity. They have to be able to foster creative thinking to assess intention and actions, even during limited or fragmented data. They need to trust their instincts, and know when to keep diving into a problem to define the existence and intention of adversary activity. Lastly, this role will help grow automation efforts on the team through custom tool development, and by providing requirements and support to partner teams who share similar goals.


  • Lead staff of cybersecurity analysts, focusing on execution, planning, performance management and staff development.

  • Provide mentorship and guidance to cybersecurity analysts, to help them develop in their ability to recognize security incidents.

  • Maintain effective operational, coverage, and executive-level metrics.

  • Develop and maintain standard operating procedures to reflect day-to-day operations.

  • Actively hunt for threats in the environment and collaborate findings with a variety of high caliber teams.

  • Work with partner teams and internal customers to gather preliminary investigative data, in order to assess the validity of the threat, and determine if further allocation of investigative resources is needed.

  • Utilize standard investigative techniques to gather, analyze, and work with teams to prove or disprove the allegation(s) with data.

  • Create a concise, consumable report for both technical and non-technical customers. detailing the factual outcome of the investigation.

  • Brief internal customers (Information Technology, Human Resources, Legal, etc.) on relevant findings on a need to know basis as determined by the sensitivity of the investigation or as mandated by the business.

  • Assist internal customers & partner teams with any follow-up efforts that are within the investigation’s scope.

  • Contribute to ongoing intelligence gathering efforts

  • Apply business logic and user logic as a factor during data analysis to determine risk, threat, and impact possibilities.

  • Suggest new tool opportunities, methodologies, and improvements for hunting both insider or external threat-actors.

  • Develop upon opportunities by designing, deploying, and maintaining tools, artifacts, and procedures



  • 7 or more years experience in at least one of the following areas; threat intelligence, threat hunting, data analysis, security monitoring, host or network forensics.

  • 3 or more years of experience in managing, leading, or mentoring a team of individual contributors

  • 3 or more years of experience with technical investigations/response, insider threats, or law enforcement investigations.

  • Minimum 2 years of experience working with at least one of the following enterprise security solutions: Security Information and Event Management, Data Loss Prevention, Endpoint Detection & Response, or UBA (User Behavior Analytics).


  • Degree in mathematics, computer science, or other engineering discipline.

  • Strong knowledge and/or experience with User Entity Behavior Analytical solutions.

  • 3 or more years of experience conducting and managing investigations, both insider and threat-actor based.

  • Strong interpersonal skills, able to communicate with a wide range of technical and non-technical partners.

  • Knowledge and/or experience with the MITRE ATT&CK framework.

  • Standing relationships with industry associations relevant to the position.

  • Excellent written and oral communication skills. Must be able to contribute to intelligence reports, briefings, roadmaps, and long-range planning documents.

Equal Employment Opportunity is not just the law, it’s our commitment. Read more about the .

If you need assistance applying due to visually or hearing impaired, please email .

We are an Equal Opportunity/Affirmative Action Employer. We will consider all qualified applicants for employment regardless of age, race, color, national origin, sex, religion, veteran status, disability, sexual orientation, gender identity, or any other legally protected status.

Additional Information

  • Requisition ID: 1718525

Field: Technology

Company: TIAA

Post Date: Apr 15, 2019