Search by job, company or skills

DFI Retail Group

Data and Insider Threat Security Manager

5-7 Years
Save
  • Posted 2 days ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Is this your next challenge as a Data and Insider Threat Security Manager

The challenge is to:

The Data and Insider Threat Security Manager will design and implement technical controls to protect sensitive data and detect, investigate, and reduce insider-driven risk across the organization. This role will help establish secure monitoring and response patterns for data access, data movement, privileged activity, and anomalous user behavior, while working with data, infrastructure, IAM, cloud, HR, legal, and SOC teams to strengthen data security and insider threat detection capabilities.

Key responsibilities

  • Develop and maintain insider threat and data misuse threat models covering unauthorized access, excessive privilege use, data exfiltration, privilege abuse, sabotage, policy circumvention, anomalous user behavior, third-party misuse, and negligent handling of sensitive information.
  • Define security requirements and reference architectures for protecting sensitive data across endpoints, email, SaaS, cloud storage, file shares, databases, analytics platforms, and collaboration tools.
  • Design and implement controls for data classification, labeling, discovery, access governance, encryption, tokenization where applicable, and monitoring of sensitive data flows across structured and unstructured environments.
  • Establish technical controls for insider risk detection, including user activity monitoring, behavioral analytics, DLP policies, access anomaly detection, session logging, and privileged activity oversight.
  • Work with IAM, PAM, endpoint, cloud, and platform teams to secure identities, service accounts, privileged access paths, and high-risk administrative activities that could lead to insider misuse or data loss.
  • Build and tune detections for suspicious access patterns, unusual downloads, bulk transfers, policy violations, data staging, removable media activity, abnormal sharing behavior, and attempts to bypass security controls.
  • Integrate telemetry from DLP, UEBA, IAM, PAM, EDR/XDR, email security, SaaS platforms, cloud logs, and data repositories into SIEM and SOAR workflows for triage, enrichment, and case management.
  • Partner with SOC, HR, legal, privacy, compliance, and internal audit teams to support insider threat investigations, evidence handling, escalation criteria, and response playbooks in line with legal and privacy requirements.
  • Design and execute use case validation, detection testing, and control assurance exercises for insider risk and sensitive data protection scenarios.
  • Support monitoring of high-risk populations, critical assets, and sensitive business processes using a risk-based approach aligned with business context and approved governance controls.
  • Contribute to insider threat standards, data protection requirements, monitoring governance, retention requirements, and third-party security assessments involving access to sensitive data.
  • Produce operational metrics and reporting on alert quality, detection coverage, false positives, investigation outcomes, control effectiveness, and data protection posture improvements.

Do you have experience as a Data and Insider Threat Security Manager

Required experience and skills

  • 5+ years of experience in cybersecurity, security engineering, data security, detection engineering, insider risk, security operations, or security architecture.
  • Strong foundation in data security, IAM, DLP, SIEM, UEBA, endpoint security, cloud security, or security monitoring architecture.
  • Demonstrated understanding of insider threat concepts, including misuse of authorized access, anomalous behavior detection, data exfiltration techniques, and risk indicators across users, devices, and repositories.
  • Experience designing or securing controls around access to sensitive data, privileged access, service-to-service access, and user activity logging.
  • Familiarity with data protection architecture across M365, endpoints, file stores, databases, cloud platforms, and SaaS environments.
  • Working knowledge of SIEM, SOAR, DLP, UEBA, case management, and evidence preservation practices used in insider risk detection and response.
  • Ability to work effectively with infrastructure teams, IAM teams, legal, HR, privacy, and business stakeholders to implement controls without creating unnecessary operational friction.
  • Strong communication, documentation, and stakeholder engagement capability.
  • Demonstrated experience in building detections, tuning analytics, investigating anomalous user behavior, or implementing data security controls through operational projects or engineering work

Nice to have

  • Hands-on experience with Microsoft Purview, Microsoft Defender, Sentinel, DLP or similar insider risk and data protection platforms.
  • Experience securing and monitoring M365, SaaS collaboration platforms, cloud storage, and enterprise file-sharing services.
  • Experience with UEBA, insider risk programs, digital forensics, or investigation support.
  • Programming or scripting capability in Python, PowerShell, KQL, or SQL.
  • Experience integrating data security and insider threat telemetry into SIEM, SOAR, ITSM, or case management workflows.
  • Familiarity with privacy, labor, evidence-handling, and monitoring governance requirements in multinational environments.
  • Exposure to high-risk user monitoring, critical asset protection, and cross-functional insider threat working groups.

Nice-to-have certifications or training

  • CISSP
  • CISM
  • CCSP

If you have the right skills and experience, this is an opportunity to build your career with Asia's leading retailer.

DFI Retail Group is an equal opportunity employer and responsible for ensuring that all personal information collected from each Candidate presented to DFI Retail Group is used for recruitment purposes only and the personal data will be kept and handled confidentially. We will retain the applications of candidates not selected for a period of no more than 24 months. The data collection process is in accordance with all applicable laws and compliant with the Code of Practice on Human Resource Management

To find out more about Our Businesses and Our People, please visit our website: https://www.DFIretailgroup.com

More Info

Job Type:
Industry:
Function:
Employment Type:

About Company

Job ID: 150939367