First American Financial Corporation (NYSE: FAF) operates through its family of companies to help people achieve and protect their dream of homeownership. First American was named one of FORTUNE's 100 Best Companies to Work For in 2016 and 2017. With experience dating back to 1889, First American is a leading provider of title insurance protection and settlement services to the real estate and mortgage industries. More information about the company can be found at www.firstam.com
Job Summary
The Insider Threat Program (ITP) is the program managing the controls we have in place to mitigate the risk posed by trusted individuals - including employees, contractors, and business partners - authorized to use the organization's information technology systems. The ITP helps us manage the risks due to these threats through specific prevention, detection, and response practices and technologies.
Insider Threat Senior Analysts analyze information and key risk indicators to evaluate insider threat risk. They are responsible for interpreting data points, performing investigations to dispose of cases or escalate true threats, engaging with appropriate parties to mitigate risk, and performing root cause analysis to continuously enhance our controls. The role will require close collaboration with SecOps, Infrastructure, HR, Legal and Physical Security teams to research cases and root cause.
- Conduct threat analysis, provide assessments of threats and vulnerabilities, produce investigative leads, uncover policy violations, assess risk posed by trusted insiders, oversee the data collection effort, and manage & develop approved data analytics tools
- Prepare and conduct tailored briefings and debriefings, act as a liaison with core business stakeholders to collaborate on ITP investigations and lessons learned
- Continuously evaluate changes in actors, tactics, techniques and targets to enhance threat scenarios and use cases, and make recommendations to ensure technology strategy maintains pace with the changing insider threat landscape.
- Proactively research & assess Insider Threat tools to identify opportunities for enhanced monitoring and ensure the ITP is kept in line with industry standards
- Work with the relevant teams to understand monitoring needs and priority for onboarding
- Work with the Incident Response team to improve review and response processes through ongoing enrichment of alerts
- Assist in the periodic review of rules to validate effectiveness of monitoring and areas of improvement
- Evaluate historical events and incidents to identify trends and methods of data loss.
- Assist with planning and execution of Insider Threat training.
- Coordinate response activities with various stakeholders for ongoing monitoring, analysis, remediation, and recommend mitigation strategies.
- Leverage existing data mining tools and security monitoring tools to collect, search, sort, and organize large amounts of information.
- Tasks range in complexity from simple (engage the correct parties to research threats) to fairly complex (review key risk indicators in aggregate, evaluate root cause)
- Tasks can require originality and ingenuity to evaluate risks and determine appropriate and cost effective controls to mitigate risk
- Latitude is given for independent action
- Participates in brainstorming discussions and acts in an advisory capacity
- Impact of a single error is typically low, but multiple errors can have a significant impact if management cannot rely on the information being provided
- Focus of interaction is with personnel from various departments across the organization including Infrastructure, Information Security, HR, Legal, Compliance, Internal Audit, and members of the business as appropriate
- Does not supervise, provide direction or coordinate team activities
- Experienced personnel can act in a lead capacity to mentor junior personnel
- Minimum 5 years relevant work experience in Information Security, IT Risk Management, or Insider Threat
- Effectively communicate to all levels of the organization including operational personnel and executive management
- Gain support and consensus with multiple stakeholders and partners (internal and external)
- Manage multiple initiatives simultaneously, with strong ability to prioritize
- Respond appropriately to potential threats including vetting and assessment of risk
- Customer focused in the context of balancing risk reduction with business needs
- High attention to detail to manage, analyze and finalize artifacts and documents
- Highly developed oral and written communication skills; strong presentation skills
- Highly flexible, adapting to changes in priorities and requirements
- Development and maintenance of program-related documentation (e.g., standard operating procedures)
- Ability to quickly learn, communicate and apply technical concepts
- Demonstrated judgement in effectively dealing with highly sensitive information
Knowledge, Skills & Technology:
- In-depth knowledge of IT and Information Security control standards and frameworks (NIST, COBIT, ISO27001, SSAE16/SOC1/SOC2, etc.)
- Familiarity with design of controls and ability to leverage relevant tools from around the organization including Security Operations tools (SIEM, ATA, DLP, etc.), Physical Security tools (CCTV, Badging Systems, etc.), and Identity and Access Management tools
- In-depth knowledge of MS Excel
- Team player with positive energy and good customer service skills
- Ability to work independently, demonstrates initiative, and is a self-starter
- Ability to work effectively with all levels of the organization
First American invests in its employees' development and well-being, empowers them to provide superior customer service and encourages them to serve the communities where they live and work. First American is committed to diversity and inclusion. We are an equal opportunity employer. For more information about our Company and our dedication to putting People First, check out firstam.com/careers.