Insider Threat Program Lead

About The Position

Requirements

• BA or BS degree in Homeland Security, Law Enforcement, Security Studies, Counterintelligence, Information Technology, Cybersecurity, Leadership, or a related field.
• Minimum of eight years of experience working in a tactical operations environment such as law enforcement, DOE security functions (e.g. protective force, physical security), counterintelligence, emergency management functions, or insider threat detection. A combination of education and experience may be considered.
• Familiarity with DOE O 470.5A, national insider threat standards, and supporting compliance frameworks.
• Strong written/oral communication skills; able to brief senior leaders and produce detailed, high-quality reports.
• Field experience with emergency operations and scene triage.
• Familiarity with National Incident Command System (ICS).
• Deep knowledge of Search and Seizure law.

Nice To Haves

• MA or MS degree in Homeland Security, Law Enforcement/Criminal Justice, Security Studies, Counterintelligence, Leadership, or a related field.
• 10+ years experience working in a tactical operations environment such as law enforcement, DOE security functions (e.g. protective force, physical security), counterintelligence, emergency management functions, or insider threat detection. A combination of education and experience may be considered.
• Strong analytical skills, attention to detail, ability to prioritize and manage multiple tasks in a fast-paced environment.
• Experience conducting investigations, interviews, and case preparation.
• Experience in a lead or supervisory role with rapid assessment/problem solving skills.
• Experience/certifications in instructing/public speaking.
• Ability to successfully manage high-stress situations and complex, multi-tiered operations.
• Experience with/knowledge of applicable Labor Laws.
• Experience standing up or operating local insider threat constructs in a cleared environment.
• Demonstrated capability integrating multi-source data (personnel, law enforcement, security, cyber, etc.).
• Technical familiarity with User Activity Monitoring (UAM), insider threat analytics, incident response, and complex investigation methods.
• Experience working with or coordinating local insider threat programs such as LITWGs, Threat Assessment/Mitigation teams, or ARCs.
• Experience using AI-enabled tools to improve operational efficiency or reporting.

Responsibilities

• Ensure contractor compliance with the requirements outlined in the Contractor Requirements Document (CRD) of DOE O 470.5A and relevant federal directives (e.g., 32 CFR Part 117, Presidential/Executive direction including EO 13587).
• Create, maintain, and continuously improve the ORNL Insider Threat Program Plan and related site procedures (e.g. SBMS content as applicable).
• Ensure the program’s collection, retention, safeguarding, and disposition of records/data complies with Privacy Act requirements and National Archives and Records Administration (NARA) records requirements.
• Coordinate with the Local Insider Threat Working Group (LITWG) and ensure accountability for all insider threat response actions.
• Serve as the focal notification entity for reported insider/outsider threat information; conduct initial triage to determine credibility, threshold, risk level, and required actions.
• Conduct analysis to identify, deter, and mitigate insider threat risk; develop site-specific risk management strategies in coordination with LITWG.
• Act as the primary investigator/case agent/analyst for non-CI (or undetermined) matters; coordinate with CI and support CI investigations as requested/appropriate
• Conduct inquiries/investigations, including evidence gathering, interviews, documentation, and case management.
• Facilitate contractor access to insider threat information, including personnel files, supervisory records, security data, cybersecurity logs, and other records required for analysis and response under DOE guidance.
• Report incidents/information to the DOE Analysis and Referral Center (ARC) as required; provide contractor-derived data, reports, and assessments to DOE entities as appropriate.
• Serve as ORNL’s primary liaison with DOE insider threat counterparts (e.g., DOE OITP/IN/EHSS as applicable) and participate in DOE meetings (including LITWG meetings).
• Serves as the ORNL law enforcement liaison officer and coordinate with law enforcement and request assistance when needed; compile and analyze information and coordinate referrals as appropriate.
• Develop, deliver, and oversee contractor insider threat training in compliance with DOE O 470.5A, including initial awareness and annual refresher instruction covering detection methodologies, CI protocols, adversarial recruitment indicators, and workplace threat reporting procedures.
• Maintain training records for contractor employees and provide annual certification reports to the Head of Field Elements or requestor as needed.
• Responsible for planning and execution of all ORNL VIP visits, coordinating with local law enforcement, Protective Force, and the protocol office.
• Provide support to Physical Security with Adverse Action planning and execution (if needed).
• Support emergency response coordination and provide 24/7 response when needed for significant incidents affecting ORNL security interests.
• Perform other duties as assigned by management consistent with the role.

Benefits

• Prescription Drug Plan
• Dental Plan
• Vision Plan
• 401(k) Retirement Plan
• Contributory Pension Plan
• Life Insurance
• Disability Benefits
• Generous Vacation and Holidays
• Parental Leave
• Legal Insurance with Identity Theft Protection
• Employee Assistance Plan
• Flexible Spending Accounts
• Health Savings Accounts
• Wellness Programs
• Educational Assistance
• Relocation Assistance
• Employee Discounts