Insider Threat & DLP Principal Analyst

Remote: Full Remote
Salary: 115 - 126K yearly
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • Bachelor's degree in computer science or related field
  • 8+ years of relevant experience in security operations
  • Proven hands-on experience with DLP tools
  • Continuing professional development and certifications preferred

Key responsibilities:

  • Lead and develop Insider Threat and DLP Programs
  • Coordinate with SOC, IT, and other teams for incident response
HealthEquity
1001 - 5000 Employees

Job description

Overview:

We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.

How you can make a difference

The Insider Threat Manager is responsible for leading the Insider Threat, Data Loss Prevention, and Incident Response programs. A deep understanding of insider threat management, including program planning, risk identification, and operational execution, is essential to this role. This role also requires proven expertise in developing and leading insider threat teams, crafting effective communication strategies, and implementing comprehensive security programs that safeguard organizational assets and data.

What you’ll be doing

  • Lead and collaborate on the maturity of the Insider Threat Program, Data Loss Prevention (DLP) Program, and Incident Response Program, with a focus on SOAR automation to streamline response processes. Review and update DLP and Incident Response policies, recommending modifications to enhance automated detection and response capabilities through SOAR. Develop strategies to prevent insider threat behavior, data leakage, or incidents by leveraging automated detection and response systems.
  • Develop roadmaps for continuous improvement of the Insider Threat, DLP, and Incident Response Programs, ensuring SOAR automation is fully integrated into detection and remediation processes. Build processes for evaluating DLP alerts and automating response workflows using SOAR, including incident classification, automated responses, and coordination with key stakeholders.
  • Review current technology capabilities, identify gaps in the DLP, Insider Threat, and SOAR ecosystems, and build a business case for new technologies if necessary. Evaluate new technologies and tools to improve DLP monitoring, insider threat detection, and incident response capabilities. Conduct analytical and critical thinking to assess DLP-related incidents, leveraging SOAR tools to identify trends, automate response actions, and recommend mitigation strategies.
  • Provide advice and expert guidance on data security issues and SOAR integration, focusing on automating the remediation of insider threats and external adversaries. Build and implement processes and technologies to detect and respond to high-risk insider and data activities, either accidental or malicious. Design reporting mechanisms for potential or actual DLP violations, insider threats, and automated incident responses.
  • Coordinate and collaborate with the SOC, IT, Help Desk, Fraud, Corporate Physical Security Risk teams, and Business Units (BUs) to mitigate risks and automate responses through SOAR for identified risks. Develop technical support documents, summaries, reports, presentations, and other materials related to DLP, SOAR integration, and Incident Response.
  • Conduct regular risk assessments on critical assets, including trade secrets, PII, proprietary data, and IT systems, ensuring logging, monitoring, and automated responses are in place for all identified critical assets. Monitor and respond to suspicious or disruptive behaviors related to data loss or insider threats, ensuring incidents are automatically detected, escalated, and remediated using SOAR tools.
  • Present briefings to leadership and key stakeholders on emerging risks, SOAR-driven efficiencies, and program performance. Develop a DLP and SOAR training curriculum for team members, ensuring proficiency in utilizing SOAR tools for automated detection, escalation, and remediation workflows. Collaborate with law enforcement, industry experts, internal stakeholders, and external peers to enhance the Insider Threat and DLP detection models, SOAR-driven response techniques, and incident response automation.
  • Oversee daily operations and management of the DLP Program, SOAR-based response capabilities, and support the Insider Threat Program.

What you will need to be successful

  • Bachelor’s degree in computer science or a related field and 8+ years of relevant experience in security operations, DLP, incident response, and insider threat monitoring, or equivalent combination of education and experience.
  • 4+ years of experience addressing security issues, identifying vulnerabilities, staying current on regulatory and legal changes, and applying security standards with an impact on Information Security. Proven hands-on experience with DLP tools, including configuration and daily management.
  • 2+ years of experience in Insider Threat Program management and implementing information security and network best practices.
  • 5+ years of experience providing expert guidance on security issues affecting business processes and procedures, particularly those exploitable by insiders (accidental and malicious).
  • Ability and willingness to participate in on-call rotations and work non-standard hours when necessary.
  • Proficiency with ServiceNow SIR, Microsoft Sentinel, Splunk, Azure Purview, and Azure Insider Threat Management tools.
  • Strong working knowledge of network and endpoint security principles, current threat and attack trends, and core security concepts.
  • Experience developing and implementing training programs and remedial actions as needed to mitigate security risks.
  • Ability to thrive in a fast-paced environment, adapt quickly to technological and business changes, and display sound judgment while solving complex problems.
  • Exceptional verbal and written communication skills, with the ability to articulate complex security concepts clearly and effectively.
  • Continued professional development and certifications such as CISSP, CISM, GSEC, or CIPP/US.

This is a remote position.

Salary Range: $115,000.00 - $125,500.00 / year

Benefits & Perks:

The compensation range describes the typical minimum or maximum base pay range for this position. The actual compensation offer is determined based on job-related knowledge, education, skills, experience, and work location. This position will be eligible for performance-based incentives as part of the total compensation package, in addition to a full range of benefits including:

  • Medical, dental, and vision
  • HSA contribution and match
  • Dependent care FSA match
  • Uncapped paid time off
  • Adventure accounts
  • Paid parental leave
  • 401(k) match
  • Personal and healthcare financial literacy programs
  • Ongoing education & tuition assistance
  • Gym and fitness reimbursement
  • Wellness program incentives

Why work for HealthEquity 

HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth. Join us and discover a work experience where the person is valued more than the position.

Come be your authentic self

HealthEquity, Inc. is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, age, color, religion, sex, sexual orientation, gender identity, national origin, status as a qualified individual with a disability, veteran status, or other legally protected characteristics. HealthEquity is a drug-free workplace. For more information about our EEO policy, or about HealthEquity’s applicant disability accommodation, drug-free-workplace, background check, and E-Verify policies, please visit our Careers page.

 

HealthEquity is committed to your privacy as an applicant for employment. For information on our privacy policies and practices, please visit HealthEquity Privacy.

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s): English

Other Skills

  • Analytical Thinking
  • Communication
  • Problem Solving