Insider Risk Management Lead
AbbVie's mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women's health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com . Follow @abbvie on Twitter , Facebook , Instagram , YouTube and LinkedIn .
The Insider Risk Management Lead will advance and mature AbbVie's Insider Risk Management Program. The program will focus on the ability to detect data security issues caused by the inadvertent or intentional efforts of personnel (employees, contractors, and partners) authorized to access AbbVie information and systems. The capabilities will focus on using innovative monitoring strategies include machine-learning based behavioral techniques as well as traditional contextual event driven use cases. This role will work closely with the response, engineering, and consultation teams within the data security program and broader cyber security team to advance the needs of a mature Insider Risk Management Program.
- Develop and adhere to a consistent detection mythology to ensure a defendable and consistent approach to identifying abnormal activity.
- Coordinate with legal, privacy, human resource, and compliance internal business partners on the intention and scope of the Insider Risk Management Program.
- Define and improve behavioral analytic use cases to identify suspicious activity for investigation by data security response analysts.
- Collaborate with Information Security teams on the selection, configuration, and operational use of Behavior Analytics platforms (aka UBA, UEBA).
- Define operational metrics and KPI to communicate state of the Insider Risk Management Program.
- Influence and enhance the organization's Data Protection strategy across people, process, and technology
- Support efforts to automate incident detection and response activities, focused on behavior analytics technologies and related incident analysis
- Develop reports, metrics, and presentations for leadership across information security, legal, human resources, and compliance.
- Bachelors degree with 12 years of experience or Masters degree with 10 years of experience
- Ability to analyze and understand technical information; and ability to author clear and concise reports and presentations
- Ability to successfully interact with non-technical in-business contacts
- Strong familiarity with data classification concepts and processes
- Extensive understanding of data loss and data protection processes
- Experience with building a relevant security monitoring and response capability, ideally related to insider risk management or insider threat
- Experienced in a wide variety of technical solutions focused on data protection and cyber security; and experience with data loss prevention products.
- 8+ years in an information security position
- 2+ years operating Behavior Analytics technologies, examples include SAS, Securonix, Gurucul, Exabeam, Splunk, and Interset
- Security certifications (CISSP, CERT ITPM, SANS GSEC; GCFA; GLEG; GCDA) are desired.
Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.