Security Response Analyst II (Insider Threat)

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title and Summary Security Response Analyst II (Insider Threat) Mission First, People Always As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the front who make this happen every day. By taking care of our people, their well-being, and their career development, we provide them with the necessary tools and environment to ensure the success of our mission. Overview The Security Event Management group is looking for a highly motivated team member to join our technical security investigative team as an Insider Threat Security Monitoring and Response Analyst II. As an Insider Threat analyst, you will work with a global team of like-minded specialists to flex your cybersecurity skills and talents to protect Mastercard’s data, networks, and systems from potential insider threats. As an Insider Threat analyst on our team, you will be involved in analysing anomalous behaviour to identify suspected Insider Threats detected by our cyber security tools, such as Data Loss Prevention (DLP), User Activity Monitoring (UAM) and User Behaviour Analytics (UBA). Your day-to-day role will include triaging of alerts and incident escalations from the Security Operations Centre (SOC), conducting in-depth log analysis, generating incident reports, and documenting incidents in our case management system. You will also play a key role in maintaining and enhancing Corporate Security and Insider Threat security policies and work with key stakeholders to balance security initiatives with business, privacy and legal requirements. Additionally, you will support other members of the team and work with the team to enhance Insider Threat processes, documentation, and capability, and develop new ways of protecting the organisation against changing Insider Threat ‘Tactics, Techniques, and Procedures’ (TTPs). In this role, you will be: • Responding to Insider Threat incidents and alerts by analysing security event logs and user activities, providing findings to stakeholders for escalation, and documenting incident activities in the case management system. • Utilising our monitoring tools to gather data to identify insider threat trends and anomalies and using these findings to enhance our insider threat capability. • Creating and implementing countermeasures to specific weaknesses against known insider threat tactics, techniques, and procedures (TTPs) • Assisting with reviewing Data Loss Prevention (DLP) controls and assisting internal users impacted by our tools. • Establishing and maintaining Chain of Custody for any electronic data and evidence handled by the Insider Threat team. • Documenting and improving existing processes, aligning to industry standards and frameworks where appropriate (ISO, NIST, MITRE etc). • Reporting and providing metrics to leadership on key performance indicators as needed. • Interfacing with key internal stakeholders from other areas of the business such as HR, legal, and privacy teams to ensure customer needs are documented and met. • Working with other investigative teams, such as the SOC, to resolve high priority incidents. • Conducting risk assessments on insider threat security gaps and present findings to senior management and key stakeholders. • Collaborating with engineering teams to deliver capability improvements to Insider Threat tool set. All About You The ideal candidate for this position should:  • Experience with investigative or te ... (truncated, view full listing at source)