DescriptionWithin Global Security, the Insider Risk team is responsible for identifying potential threats against the firm and its workforce from internal actors and developing strategies to mitigate those threats to protect the firm’s reputation, workforce, clients, and assets. The Insider Risk program is one of the enterprise-wide initiatives of strategic importance to GS and JPMC senior leadership. Its mission is to support firm-wide efforts through data-driven identification, analysis, research, and mitigation of insider risks.
As an Insider Risk Associate within our Risk Management team, you will be tasked with defining, detecting, and analyzing behavioral and technical indicators to evaluate potential risks and threats to the organization. Your role will involve leading the triage of insider incidents, creating insider context analyses and risk assessments, and developing and implementing innovative enterprise-wide solutions for the detection and mitigation of insider threats. We are seeking a highly motivated team member with robust interpersonal and technical skills, capable of effectively navigating ambiguity and adjusting workload to meet shifting priorities. You should be comfortable working in a fast-paced environment and collaborating with a diverse set of stakeholders and decision makers.
Job responsibilities
- Execute of day-to-day operations and critical strategic deliverables in accordance with legal and privacy requirements and expectations.
- Work as part of the team of analysts conducting triage of events generated by monitoring use cases, producing contextual data-driven analyses of insider incidents, risk analyses, and threat assessments.
- Facilitate the referral of anomalous and suspicious activity for investigation, escalation of critical information to Subject Matter Experts (SMEs), and cross-functional coordination of mitigation strategies.
- Monitor internal and external intelligence sources for notable insider events and contribute to topological analyses of insider incidents as an assessment of risk and response actions,
- Provide SME-level support on insider risk matters leveraging knowledge of insider risk, cyber security, and counterintelligence.
- Communicate complex problem sets in succinct and clear manner that is understandable to a variety of stakeholders audience.
- Support compliance in strengthening the firm-wide control environment.
Required qualifications, capabilities and skills
- 5+ years of work experience supporting an insider risk/threat program
- Direct experience performing analytical and/or investigative work as an analyst/senior analyst in industry or government.
- Experience in assessing complex threats, scoping and developing mitigation strategies in coordination with cross-disciplinary global teams.
- Undergraduate degree related to Intelligence Studies, Forensic Science, Security Studies, Computer Science, Cybersecurity, Data Analysis, or a related field.
- Experience conducting risk assessments and in-depth multi-source research on threat actors, tactics, techniques, and emerging trends to inform risk scenarios.
- Experience evaluating control environments and developing mitigation strategies as a solution to control gaps.
- Strong interpersonal skills, written and verbal communication, and experience with executive level briefing.
- Ability to think independently, creative problem-solving abilities and a passion for experimenting and developing new innovative solutions to complex problems..
- Experience implementing and managing workstreams, facilitating stakeholder engagement, issue management, and managing timely on-budget delivery of executables.
- Proficiency with MS Office suite.
Preferred qualifications, capabilities and skills
- Experience in or knowledge of the private sector including but not limited to the financial industry
- Insider Threat (e.g. CERT courses, CCITP, GCITP, FIAT, etc.), Counterintelligence, analytical and/or security tradecraft training and certifications
- Behavioral Science/ Behavioral Analysis/Behavioral Threat Assessment experience or training
- Experience with insider threat technical solutions and data analytics platforms including but not limited to User Activity Monitoring (UAM) and User Behavior Analytics (UBA) principles and tools, rules and policy engines
- Experience with SQL, data query, analytical tools and visualizations