Insider Risk Business Analyst - Vice President

Role Description

SMBC is seeking an Insider Risk Business Analyst with a strong passion for cybersecurity processes, data, and analytics. The candidate must be a highly motivated individual with strong interpersonal skills able to leverage their technical, insider risk, cybersecurity, threat analysis, and/or counterintelligence experience. The position will work closely with various partners within the firm including but not limited to HR, Legal, Cybersecurity, and Technology, as well as external partners. The ability to work effectively with a diverse set of stakeholders is essential. The role requires creativity, critical thinking, strong communication skills, and the ability to work effectively across a large global organization.

This role will report to the Head of Insider Risk for SMBC Americas Division. This is a hybrid role, requiring the successful candidate to attend our Charlotte office. 

Role Objectives

• Responsible for critical strategic deliverables for the Insider Risk Program executed in accordance with data privacy and legal requirements and expectations.
• Work with a team of analysts conducting triage of events generated by monitoring use cases, producing contextual data-driven analysis of insider incidents, risk analysis, and threat assessment.
• Analyze data and identify anomalous activity for investigation, escalation to other SMEs, and cross-functional coordination of mitigation strategies.
• Monitor internal and external Intel for notable insider events & perform insider incident topology analysis for risk and response action assessment.
• Provide SME-level support on insider risk matters leveraging deep knowledge of insider risk, cyber security, and counterintelligence.
• Communicate complex problem sets in succinct and clear manner that is understandable to a variety audience across the firm.
• Help align and socialize the insider risk program across multiple stakeholders, senior managers, and executives; synthesize findings and present updates and recommendations.
• Lead the development of program governance documentation, including definition of roles and responsibilities and support compliance with the control environment.
• Work and collaborate with critical stakeholders, within the firm, financial sector, across other industries and the U.S. Government, to stay abreast of industry trends and best practices.

Qualifications and Skills

• 10+ years relevant work experience supporting an insider risk, cybersecurity and/or counterintelligence program, investigations, or risk analysis; assessing complex threats; scoping and developing mitigation strategies in coordination with cross-functional teams and technical domains.
• Minimum of an Undergraduate degree, preferably a master’s degree related to Intelligence Studies, Forensic Science, Security Studies, Computer Science, Cybersecurity, Data Analysis, or a related field.
• Experience conducting risk assessments and in-depth multi-source research on threat actors, tactics, techniques, and emerging trends to inform risk scenarios, evaluate control environment and develop mitigation strategies.
• Experience managing business objectives and outcomes.
• Proven ability to strategize and demonstrate ‘out of the box’ thinking and creativity in order, to solve complex problems and deliver practical and effective results.
• Experience in data analysis, design, implementation, and management of enterprise-wide security initiatives related to insider risk.
• Experience building successful sustainable relationships across lines of business and with technical partners to develop detection and mitigation strategies.
• Ability to handle of pressure associated with complex projects in a demanding environment.
• Very strong oral and written communication skills, with focus on attention to detail; experience communicating with senior levels.
• Ability to leverage multiple data sets and tools to support complex analysis.
• Strong negotiation and influence skills with all levels of organization as well as the ability to influence people who do not report to you to achieve results.

Additional Requirements