[Hiring] Insider Threat Team Lead - Information Security @Wellstar Health System

Role Description

The Insider Threat program is a standalone part of an advanced analytics capability of the larger Security Operations Program that provides comprehensive Computer Network Defense and Response support through monitoring and analysis of potential threat activity targeting the enterprise. The Team Lead, Insider Threat will conduct advanced security event analytics, insider threat monitoring, log analysis and case management.

In support of this vital mission, WellStar Security Operations staff are on the forefront of providing Advanced Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations analysis and incident response.

Core Responsibilities and Essential Functions

• Strategy and Leadership
  • Provide leadership and work in partnership with IT, HR, Legal and other cross-functional teams.
  • Provide thought leadership to identify issues, develop alternatives, provide recommendations, and implement decisions on an ongoing basis for critical program issues.
  • Present relevant insider threat details to director and senior leaders.
  • Proactively work to develop relationships across the company and provide specialized support by gathering, handling, examining, preparing, entering, searching, retrieving, identifying and/or comparing digital and/or physical evidence.
• Technical Implementation
  • Assess existing capabilities, identify gaps, and develop technical and non-technical indicators.
  • Provide system engineering, security engineering, programmatic integration, technical support documents, and expert assistance on solutions to enable the insider threat program operations and coordination.
  • Work with architecture to deploy and implement solutions as securely and effectively as possible.
  • Aggregate, analyze, and evaluate technical data sources to identify insider risks.
  • Evaluating tools for efficacy and interoperability with existing tool sets (data sources).
  • Integrating new data sources with existing detection tools.
  • Supporting testing, implementation, and updating of insider threat detection rules and policies as needed.
  • Knowledge of DLP technologies like McAfee/Symantec DLP Suite, McAfee/Symantec Cloud Access Security Broker (CASB), Microsoft Security Suite M365 (Defender, DLP for OneDrive, etc.), and Microsoft AIP.
  • Knowledge of UEBA/UBA technologies such as Exabeam, Varonis, Qradar and Microsoft Cloud App Security.
  • Broad understanding of IT security concepts and Defense-in-Depth practices.
• Conduct security investigations
  • Manage day-to-day evaluation, analysis, and investigation of potential insider threat events.
  • Work with the director to support highly sensitive, complex, and confidential insider threat investigations into incidents of data loss and intellectual property theft, technology misuse, conflict of interest, etc.
• Reporting, Metrics and Training
  • Create documentation including playbooks, procedures, and policies.
  • Provide metrics to show program effectiveness and maturity.
  • Participate in industry peer working groups to stay abreast of the latest technologies and emerging threats.
  • Lead, develop, and maintain Insider Threat performance measures, determining appropriate metrics, methodologies, tools, and procedures.
• Cross Functional Liaison
  • Ensure compliance with industry and regulatory standards including local laws at global locations.
  • Act as subject matter expert (SME) spokesperson for all technical aspects of the Insider Threat Program Operations.
  • Performs other duties as assigned.
  • Complies with all WellStar Health System policies, standards of work, and code of conduct.

Qualifications

• Bachelors Information Security or Bachelors Computer Science or Bachelors Other or Masters Information Security - Preferred

Requirements

• Minimum 5 years information security, IT audit or a related field.
• Insider Threat Investigations utilizing tools such as DLP, CASB, UEBA.
• Experience with information security principles, industry standards, and best practices.

Required Minimum Skills

• Strategic planning and the development of supporting policies and procedures.
• Technical lead/project leader experience in planning, implementing, and supporting enterprise information security solutions.
• Project management.
• Develop and manage key stakeholder relationships.
• Effectively coordinating work on multiple and diversified tasks while working with conflicting priorities and deadlines.
• Ability to balance business requirements, patient safety and security risks.
• Ability to function in a highly dynamic results-driven and high-pressure environment in order to achieve required objectives.
• Strong attention to detail and problem-solving skills.
• Able to work independently and on a team.
• Creative thinking and ability to "think outside the box".
• Knowledge of HIPAA Security Rule, PCI DSS and NIST CSF.

Benefits

• Join us and discover the support to do more meaningful work—and enjoy a more rewarding life.
• Connect with the most integrated health system in Georgia, and start a future that gives you more.