UDDF DLP & Insider Threat - Info Sec
How would you like to work in a place where your contributions and ideas are valued? A place where you can serve with compassion, pursue excellence and honor every voice? At Wellstar, our mission is simple, yet powerful: to enhance the health and well-being of every person we serve. We are proud to have become a shining example of what's possible when the brightest professionals dedicate themselves to making a difference in the healthcare industry, and in people's lives.

Job Summary:

The Insider Threat program is a standalone part of an advanced analytics capability within the larger Security Operations Program, which provides comprehensive Computer Network Defense and Response support through monitoring and analysis of potential threat activity targeting the enterprise. The Team Lead, Insider Threat will conduct advanced security event analytics, insider threat monitoring, log analysis and case management. In support of this vital mission, WellStar Security Operations staff are at the forefront of providing Advanced Operations and Systems Engineering support, including the development of advanced analytics and countermeasures to protect critical assets from hostile adversaries. To ensure the integrity, security and resiliency of critical operations, we are seeking candidates with diverse backgrounds in cyber security systems operations analysis and incident response.
Core Responsibilities and Essential Functions:

Strategy and Leadership
- Provide leadership and work in partnership with IT, HR, Legal and other cross-functional teams
- Provide thought leadership to identify issues, develop alternatives, provide recommendations, and implement decisions on an ongoing basis for critical program issues
- Present relevant insider threat details to the director and senior leaders
- Proactively work to develop relationships across the company and provide specialized support by gathering, handling, examining, preparing, entering, searching, retrieving, identifying and/or comparing digital and/or physical evidence

Technical Implementation
- Assess existing capabilities, identify gaps, and develop technical and non-technical indicators
- Provide system engineering, security engineering, programmatic integration, technical support documents, and expert assistance on solutions to enable insider threat program operations and coordination
- Work with architecture to deploy and implement solutions as securely and effectively as possible
- Aggregate, analyze, and evaluate technical data sources to identify insider risks
- Evaluate tools for efficacy and interoperability with existing tool sets (data sources)
- Integrate new data sources with existing detection tools
- Support testing, implementation, and updating of insider threat detection rules and policies as needed
- Knowledge of DLP technologies such as McAfee/Symantec DLP Suite, McAfee/Symantec Cloud Access Security Broker (CASB), Microsoft Security Suite M365 (Defender, DLP for OneDrive, etc.), and Microsoft AIP
- Knowledge of UEBA/UBA technologies such as Exabeam, Varonis, QRadar and Microsoft Cloud App Security
- Broad understanding of IT security concepts and Defense-in-Depth practices
Conduct Security Investigations
- Manage day-to-day evaluation, analysis, and investigation of potential insider threat events
- Work with the director to support highly sensitive, complex, and confidential insider threat investigations into incidents of data loss and intellectual property theft, technology misuse, conflict of interest, etc.

Reporting, Metrics and Training
- Create documentation including playbooks, procedures, and policies
- Provide metrics to show program effectiveness and maturity
- Participate in industry peer working groups to stay abreast of the latest technologies and emerging threats
- Lead, develop, and maintain Insider Threat performance measures, determining appropriate metrics, methodologies, tools, and procedures

Cross-Functional Liaison
- Ensure compliance with industry and regulatory standards, including local laws at global locations
- Act as subject matter expert (SME) spokesperson for all technical aspects of the Insider Threat Program Operations
- Perform other duties as assigned
- Comply with all WellStar Health System policies, standards of work, and code of conduct

Required Minimum Education:
- Bachelor's in Information Security, Bachelor's in Computer Science, or Bachelor's in another field; Master's in Information Security preferred

Required Minimum License(s) and Certification(s):
All certifications are required upon hire unless otherwise stated.

Additional License(s) and Certification(s):
- CISSP - Certified Information Systems Security Professional (Preferred)
- Security+ (Preferred)
- Network+ (Preferred)
- CEH (Preferred)

Required Minimum Experience:
- Minimum 5 years in information security, IT audit or a related field (Required)
- Insider Threat Investigations utilizing tools such as DLP, CASB, UEBA (Required)
- Experience with information security principles, industry standards, and best practices (Required)

Required Minimum Skills:
- Strategic planning and the development of supporting policies and procedures (Low)
- Technical lead/project leader experience in planning, implementing, and supporting enterprise information security solutions (Medium)
- Project management (Medium)
- Develop and manage key stakeholder relationships (Medium)
- Effectively coordinate work on multiple and diversified tasks while working with conflicting priorities and deadlines (Medium)
- Ability to balance business requirements, patient safety and security risks (Medium)
- Ability to function in a highly dynamic, results-driven and high-pressure environment in order to achieve required objectives (Low)
- Strong attention to detail and problem-solving skills (Medium)
- Able to work independently and on a team (Medium)
- Creative thinking and ability to "think outside the box" (Medium)
- Knowledge of HIPAA Security Rule, PCI DSS and NIST CSF (Medium)

Join us and discover the support to do more meaningful work—and enjoy a more rewarding life. Connect with the most integrated health system in Georgia, and start a future that gives you more.