UDDF DLP & Insider Threat - Info Sec

Key Facts

Remote From: 
Full time
Senior (5-10 years)
English

Other Skills

  • Communication
  • Problem Solving
  • Teamwork
  • Creative Thinking
  • Detail Oriented

Roles & Responsibilities

  • Bachelors in Information Security or Computer Science or related field
  • Minimum 5 years in information security, IT audit or related field
  • Experience with insider threat investigations using DLP, CASB, UEBA
  • CISSP, Security+, Network+, CEH preferred

Requirements:

  • Provide leadership and work in partnership with IT, HR, Legal, and other teams
  • Manage day-to-day evaluation, analysis, and investigation of insider threat events
  • Create documentation including playbooks, procedures, and policies
  • Ensure compliance with industry and regulatory standards

Job description

How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission is simple, yet powerful: to enhance the health and well-being of every person we serve. We are proud to have become a shining example of what's possible when the brightest professionals dedicate themselves to making a difference in the healthcare industry, and in people's lives.

Work Shift

Job Summary:

The Insider Threat program is a standalone part of an advanced analytics capability of the larger Security Operations Program that provides comprehensive Computer Network Defense and Response support through monitoring and analysis of potential threat activity targeting the enterprise. The Team Lead, Insider Threat will conduct advanced security event analytics, insider threat monitoring, log analysis and case management. In support of this vital mission, WellStar Security Operations staff are on the forefront of providing Advanced Operations, and Systems Engineering support to include the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations analysis and incident response.

Core Responsibilities and Essential Functions:

Strategy and Leadership

  • Provide leadership and work in partnership with IT, HR, Legal and other cross-functional teams
  • Provide thought leadership to identify issues, develop alternatives, provide recommendations, and implement decisions on an ongoing basis for critical program issues
  • Present relevant insider threat details to director and senior leaders
  • Proactively work to develop relationships across the company and provide specialized support by gathering, handling, examining, preparing, entering, searching, retrieving, identifying and/or comparing digital and/or physical evidence

Technical Implementation

  • Assess existing capabilities, identify gaps, and develop technical and non-technical indicators
  • Provide system engineering, security engineering, programmatic integration, technical support documents, and expert assistance on solutions to enable the insider threat program operations and coordination
  • Work with architecture to deploy and implement solutions as securely and effectively as possible
  • Aggregate, analyze, and evaluate technical data sources to identify insider risks
  • Evaluating tools for efficacy and interoperability with existing tool sets (data sources)
  • Integrating new data sources with existing detection tools
  • Supporting testing, implementation, and updating of insider threat detection rules and policies as needed
  • Knowledge of DLP technologies like McAfee/Symantec DLP Suite, McAfee/Symantec Cloud Access Security Broker (CASB), Microsoft Security Suite M365 (Defender, DLP for OneDrive, etc.), and Microsoft AIP
  • Knowledge of UEBA/UBA technologies such as Exabeam, Varonis, QRadar and Microsoft Cloud App Security
  • Broad understanding of IT security concepts and Defense-in-Depth practices

Conduct security investigations

  • Manage day-to-day evaluation, analysis, and investigation of potential insider threat events
  • Work with the director to support highly sensitive, complex, and confidential insider threat investigations into incidents of data loss and intellectual property theft, technology misuse, conflict of interest, etc.

Reporting, Metrics and Training

  • Create documentation including playbooks, procedures, and policies
  • Provide metrics to show program effectiveness and maturity
  • Participate in industry peer working groups to stay abreast of the latest technologies and emerging threats
  • Lead, develop, and maintain Insider Threat performance measures, determining appropriate metrics, methodologies, tools, and procedures

Cross Functional Liaison

  • Ensure compliance with industry and regulatory standards including local laws at global locations
  • Act as subject matter expert (SME) spokesperson for all technical aspects of the Insider Threat Program Operations
  • Performs other duties as assigned
  • Complies with all WellStar Health System policies, standards of work, and code of conduct

Required Minimum Education:

  • Bachelor's in Information Security, Bachelor's in Computer Science, or Bachelor's in another field; Master's in Information Security preferred

Required Minimum License(s) and Certification(s):

All certifications are required upon hire unless otherwise stated.

    Additional License(s) and Certification(s):

  • CISSP - Cert Info Sys Security Pro (Preferred)
  • Security+ (Preferred)
  • Network+ (Preferred)
  • CEH (Preferred)

    Required Minimum Experience:

  • Minimum 5 years information security, IT audit or a related field (Required)
  • Insider Threat Investigations utilizing tools such as DLP, CASB, UEBA (Required)
  • Experience with information security principles, industry standards, and best practices (Required)

    Required Minimum Skills:

  • Strategic planning and the development of supporting policies and procedures (Low)
  • Technical lead/project leader experience in planning, implementing, and supporting enterprise information security solutions (Medium)
  • Project management (Medium)
  • Develop and manage key stakeholder relationships (Medium)
  • Effectively coordinating work on multiple and diversified tasks while working with conflicting priorities and deadlines (Medium)
  • Ability to balance business requirements, patient safety and security risks (Medium)
  • Ability to function in a highly dynamic, results-driven and high-pressure environment in order to achieve required objectives (Low)
  • Strong attention to detail and problem solving skills (Medium)
  • Able to work independently and on a team (Medium)
  • Creative thinking and ability to "think outside the box" (Medium)
  • Knowledge of HIPAA Security Rule, PCI DSS and NIST CSF (Medium)

    Join us and discover the support to do more meaningful work—and enjoy a more rewarding life. Connect with the most integrated health system in Georgia, and start a future that gives you more.
