Insider Threat Intelligence Lead Analyst

The Intelligence Lead Analyst is a senior level professional responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

• Analyze regional threat data and determine a correlation if any, to existing intelligence requirements

• Monitor and research cyber threats with a direct or indirect impact to the Citi brand

• Research and identify malicious activity by performing post-mortem analysis on logs, traffic flows, and other activities

• Conduct intrusion analyses to ascertain the impact of an attack, and develop mitigation techniques for future attacks

• Evaluate networks and programs to assess potential weaknesses and points of entry

• Analyze and present to senior leadership discovered patterns to forecast future cyber-attacks and their potential impact

• Liaise with intelligence communities, law enforcement, industry partners, peer financial institutions, and information sharing communities

• Triage, process, analyze, and disseminate intelligence alerts, reports, and briefings

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• 6-10 years of relevant experience

• Should have a working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats

• Consistently demonstrates clear and concise written and verbal communication

• Proven influencing and relationship management skills

• Proven analytical skills

Education:

• Bachelor’s degree/University degree or equivalent experience

• Master’s degree preferred

 

• This position will report to the Global CSIS Insider Threat and Investigative Intelligence Program Manager.

• Collect Insider Threat intelligence from various sources relevant to the firm and the industry to conduct risk assessments.

• Analyze the insider risks and potential impact of an incident and make recommendations on controls and mitigation.

• Develop and lead training engagements based on identified internal and external Insider Threat trends, activities and methodologies.

• Brief findings from Insider Threat cases to improve behavioral baselines, update network analysis, and improve indicators to identify future threats.

• Update workflows and process to ensure alignment with CSIS investigation programs.

• Gather both technical and non-technical data, analyze information and draw conclusions supported by facts, and develop written reports of findings.

• Identify and incorporate technologies able to facilitate incident management and referrals.

• Create presentations and brief senior managers.

• Liaison with a broad network of partners and peer institution levels to develop best practices.

• Create, develop, and update charter, runbooks, playbooks, workflows, processes, procedures, and other documentation as needed.

• Help track and manage metrics (KPIs/KRIs) to ensure the advancement of the program. 

• Develop and lead training engagements based on identified internal and external Insider Threat trends, activities and methodologies.

• Brief findings from Insider Threat cases to improve behavioral baselines, update network analysis, and improve indicators to identify future threats.

• Additional working knowledge areas could include: insider threat, OSINT, counterintelligence.

• Experience with host-based detection tools and advanced analytic methodologies (i.e. DTEX, Symantec DLP, Microsoft Office 365) a plus.

• Experience with enterprise level software tools to analyze large data sets and system logs (i.e. Splunk, PowerBI) a plus.

• Insider Threat Program Manager certificate a plus.

• Some corporate experience a plus.

• Additional working knowledge areas could include: insider threat, OSINT, counterintelligence.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Tampa Florida United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$113,840.00 - $170,760.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

Feb 06, 2025

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting