Citi Group Insider Threat Intelligence Lead Analyst 

United States, Florida, Jacksonville 

34030229

• Analyze regional threat data and determine a correlation if any, to existing intelligence requirements
• Monitor and research cyber threats with a direct or indirect impact to the Citi brand
• Research and identify malicious activity by performing post-mortem analysis on logs, traffic flows, and other activities
• Conduct intrusion analyses to ascertain the impact of an attack, and develop mitigation techniques for future attacks
• Evaluate networks and programs to assess potential weaknesses and points of entry
• Analyze and present to senior leadership discovered patterns to forecast future cyber-attacks and their potential impact
• Liaise with intelligence communities, law enforcement, industry partners, peer financial institutions, and information sharing communities
• Triage, process, analyze, and disseminate intelligence alerts, reports, and briefings
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

• 6-10 years of relevant experience
• Should have a working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats
• Consistently demonstrates clear and concise written and verbal communication
• Proven influencing and relationship management skills
• Proven analytical skills

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred

• This position will report to the Global CSIS Insider Threat and Investigative Intelligence Program Manager.
• Collect Insider Threat intelligence from various sources relevant to the firm and the industry to conduct risk assessments.
• Analyze the insider risks and potential impact of an incident and make recommendations on controls and mitigation.
• Develop and lead training engagements based on identified internal and external Insider Threat trends, activities and methodologies.
• Brief findings from Insider Threat cases to improve behavioral baselines, update network analysis, and improve indicators to identify future threats.
• Update workflows and process to ensure alignment with CSIS investigation programs.
• Gather both technical and non-technical data, analyze information and draw conclusions supported by facts, and develop written reports of findings.
• Identify and incorporate technologies able to facilitate incident management and referrals.
• Create presentations and brief senior managers.
• Liaison with a broad network of partners and peer institution levels to develop best practices.
• Create, develop, and update charter, runbooks, playbooks, workflows, processes, procedures, and other documentation as needed.
• Help track and manage metrics (KPIs/KRIs) to ensure the advancement of the program.
• Develop and lead training engagements based on identified internal and external Insider Threat trends, activities and methodologies.
• Brief findings from Insider Threat cases to improve behavioral baselines, update network analysis, and improve indicators to identify future threats.
• Additional working knowledge areas could include: insider threat, OSINT, counterintelligence.
• Experience with host-based detection tools and advanced analytic methodologies (i.e. DTEX, Symantec DLP, Microsoft Office 365) a plus.
• Experience with enterprise level software tools to analyze large data sets and system logs (i.e. Splunk, PowerBI) a plus.
• Insider Threat Program Manager certificate a plus.
• Some corporate experience a plus.
• Additional working knowledge areas could include: insider threat, OSINT, counterintelligence.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the