Senior Manager – Insider Risk Detection & Response

About The Position

Requirements

• Technical Skills Deep understanding of insider threat frameworks (NIST, MITRE, CERT Insider Threat Center, etc.).
• Knowledge in: SIEM/SOAR platforms (Google SecOps, Exabeam, Splunk, etc.) Data Governance, Data Loss Prevention (FAM, DLP, CASB) Endpoint and network telemetry (EDR, Email Security Gateway, Firewall etc.) Identity & Access Management (IGA, Badge, SSO, MFA etc.) Expertise in UEBA (User and Entity Behavior Analytics) platform / solutions. Knowledge of cloud platforms and modern workplace environments (M365, Azure, SaaS apps).
• Investigative & Analytical Skills Strong case management, documentation, and evidence‑handling discipline. Ability to analyze behavioral patterns and correlate multi‑source telemetry. Experience conducting sensitive, confidential investigations. Ability to balance technical evidence with human behavior/context.
• Leadership & Communication Skills Experience managing investigations or cybersecurity teams. Excellent communication skills—able to present findings to executives. Ability to work with cross‑functional partners discreetly and collaboratively. Strong decision‑making under pressure.
• Behavioral & Soft Skills High level of integrity and trustworthiness. Discretion when handling sensitive employee data. Strong empathy and emotional intelligence (critical for HR/legal collaborations). Ability to operate in ambiguous situations with minimal information.
• 10–15+ years in cybersecurity, threat detection, digital forensics, or incident response.
• 5–7+ years in a leadership or management role.
• Certifications such as: CISSP, CISM GIAC Insider Threat (GSIP) GIAC Cyber Threat Intelligence (GCTI) CIPP or other privacy certifications

Responsibilities

• Program Leadership & Strategy Develop and maintain the organization’s Insider Risk Program roadmap. Define governance models, policies, workflows, and escalation paths. Align program outcomes with enterprise cybersecurity, legal, HR, and compliance goals. Lead maturity improvements in detection, analytics, automation, and response. Provide executive‑level posture and insights of the program
• Stakeholder Engagement & Cross‑Functional Collaboration Partner closely with HR, Legal, Privacy, Compliance, Physical Security, and SOC leadership. Communicate complex findings to executive leadership in a business‑friendly way. Educate stakeholders on insider risk trends, escalations, and recommended controls. Partner with Legal and Privacy to guide responsible data usage and handling.
• Team Leadership & Operational Management Lead, mentor, and develop a team of insider threat analysts and investigators. Manage workload distribution, case assignments, and performance. Develop training, playbooks, and skill development pathways for the team. Foster a culture of confidential, ethical handling of sensitive issues.
• Detection & Monitoring Oversight Oversee insider threat detection across tools such as: Microsoft Purview Insider Risk Management SIEM/SOAR platforms (e.g., Sentinel, Splunk) Endpoint DLP, CASB, user activity monitoring tools Ensure appropriate telemetry coverage, alert logic, and risk scoring models. Continuously tune detection rules to reduce false positives and improve fidelity.
• Incident Response & Investigations Lead investigations into potential insider threat events involving: Data exfiltration Intellectual property theft Privileged user / role misuse Malicious or accidental violations of export control regulations (in partnership with Trade/Legal) Coordinate cross‑functional response with HR, Legal, Privacy, Compliance, Physical Security, IT, and Security Ops. Ensure investigations are conducted with a high degree of discretion and integrity. Prepare and deliver incident reports, root‑cause summaries, and mitigation recommendations.
• Reporting & Metrics Executive dashboards aligned to enterprise scorecards: Risk trend analysis, Country / BU risk scoring etc. Program maturity / KPIs: detection coverage, cases handled, response times, etc. Recommend policy updates, preventive controls, and automation based on insights.
• Technology, Vendor & Budget Management Oversee external vendors and managed services supporting the program. Own tooling strategy, vendor selection, and lifecycle management. Manage budget and resources for global insider‑risk capabilities.