Your opportunity
At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
We are expanding our Insider Threat Operations Team. We are seeking a highly skilled and motivated individual to serve as the Lead Insider Threat Incident Response and Escalation Analyst. In this role, you will be responsible for leading investigations and responses to potential insider threat incidents. You will manage escalations, conduct thorough risk assessments, and work cross-functionally to mitigate threats to our organization.
You will develop and implement procedures to detect, monitor, and respond to potential insider threats, collaborate with cross-functional teams to assess impact and recommend corrective actions, and conduct post-incident analysis to identify root causes and improve the organization's insider threat detection and response capabilities.
This position is a unique opportunity to shape and enhance the maturity of our insider threat program by leveraging advanced analytics and incident response best practices.
What you have:
You are discreet, thoughtful, and seek to coordinate systemic, cross-functional solutions to mitigate risk. You are familiar with Insider Threat technologies (such as Security Information and Event Management - SIEM, User and Entity Behavior Analytics - UEBA, Data Loss Prevention - DLP) and understand investigations and/or the intelligence cycle.
Key Responsibilities:
- Lead Incident Response:
  - Function as the primary point of contact for insider threat incidents, managing the full lifecycle of incident response activities, including detection, investigation, mitigation, and post-incident reviews.
- Investigation and Analysis:
  - Conduct detailed forensic investigations of insider threat events using User and Entity Behavior Analytics (UEBA) tools, SIEM platforms, and other relevant technologies.
  - Identify patterns of behavior indicative of potential insider threats and collaborate with stakeholders to mitigate risks.
- Incident Escalation Management:
  - Develop and manage escalation processes, ensuring timely and efficient communication with key stakeholders, including legal, HR, and executive teams, as necessary.
  - Ensure incidents are properly escalated and managed according to company policy and industry best practices.
- Risk Assessment and Mitigation:
  - Perform risk assessments of insider threats, including malicious, negligent, and accidental insider actions.
  - Recommend and implement corrective actions or risk mitigation strategies in collaboration with various business units.
- Collaboration and Communication:
  - Work closely with security defense and operations, HR, legal, and other departments to coordinate a unified response to insider threat incidents.
  - Prepare and present detailed reports and briefings on incident response findings to technical and non-technical audiences.
- Program Development:
  - Assist in refining and maturing the insider threat program by improving detection, response processes, and escalatory pathways.
  - Provide input to maintain and update incident response plans, playbooks, and escalation procedures to reflect evolving threats and organizational changes.
  - Provide insights and recommendations for enhancing security awareness and training initiatives.
What you have
Required qualifications:
- Proven history in managing and responding to complex insider threat incidents.
- Strong understanding of UEBA tools and technology, digital forensics, and data loss prevention (DLP) strategies.
- Familiarity with SIEM platforms, data analytics tools, and insider threat indicators and detection methods.
- Experience with scripting and automation (e.g., BigQuery, Python, PowerShell) is a plus.
- Strong analytical and critical thinking skills.
- Ability to work independently and as part of a team in a high-pressure, fast-paced environment.
- Competent in collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources, documenting results, and analyzing findings to provide viable threat intelligence.
- Excellent verbal and written communication skills; comfortable composing briefs and assessments for leadership.
- Experience maintaining and generating audit evidence for internal and external regulatory compliance.
Preferred qualifications:
- 10+ years related experience including leading investigations, incident response and escalations.
- Bachelor’s degree in computer science or related field.
- Relevant certifications such as CISSP, CISM, CISA, GIAC, or insider threat-specific credentials (e.g., Certified Insider Threat Program Manager).
- Knowledge of legal and regulatory requirements surrounding insider threat and data protection (e.g., GDPR, CCPA, etc.).
What’s in it for you
At Schwab, we’re committed to empowering our employees’ personal and professional success. Our purpose-driven, supportive culture and focus on your development mean you’ll get the tools you need to make a positive difference in the finance industry. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you – both today and in the future:
- 401(k) with company match and Employee stock purchase plan
- Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions
- Paid parental leave and family building benefits
- Tuition reimbursement
- Health, dental, and vision insurance