Principal Cyber Insider Risk Lead

The position is described below. If you want to apply, click the Apply button at the top or bottom of this page. You'll be required to create an account or sign in to an existing one.

If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).

Regular or Temporary:

Regular

Language Fluency:  English (Required)

Work Shift:

1st Shift (United States of America)

Please review the following job description:

The Principal Cyber Insider Risk Lead is responsible for leading the enterprise insider risk and e-Discovery program, with a strong emphasis on data protection, regulatory compliance, and advanced threat detection. This role leverages Microsoft security technologies and collaborates across Legal, HR, Compliance, and IT to safeguard sensitive data, investigate insider threats, and ensure defensible e-Discovery practices.

KEY RESPONSIBILITIES

Following is a summary of the essential functions for this job.  Other duties may be performed, both major and minor, which are not mentioned below.  Specific activities may change from time to time. 

Data Protection & Privacy

• Implement and enforce data protection policies and controls to prevent unauthorized access, misuse, or exfiltration of sensitive data.
• Ensure compliance with global data privacy regulations (e.g., GDPR, CCPA, HIPAA).
• Partner with Data Governance and Privacy teams to align insider risk and e-Discovery efforts with enterprise data protection strategy.
• Monitor and report on data handling practices, retention schedules, and access controls.

IRM Triage & Investigations

• Lead triage of IRM alerts leveraging AI to enhance fidelity and automate alert triage.
• Lead investigations into insider-related incidents with discretion and professionalism.
• Coordinate cross-functional response efforts and document findings for executive and legal review.

Risk Assessment & Mitigation

• Conduct risk assessments to identify insider vulnerabilities and recommend mitigation strategies.
• Develop and maintain playbooks and workflows for insider threat, e-Discovery,
• and data protection scenarios.

Training & Awareness

• Promote awareness and training programs around insider risk, data governance, and secure collaboration.
• Provide guidance on secure data handling and retention practices.

Metrics & Reporting

• Define KPIs and produce reports on insider risk trends, e-Discovery metrics, and data protection effectiveness.

EDUCATION AND EXPERIENCE

The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Bachelor’s (required) or Master’s (preferred) degree in Cybersecurity, Information Security, Computer Science, or related field.
• 8+ years of experience in cybersecurity, with at least 3 years in insider risk, e-Discovery, and data protection.

CERTIFICATIONS, LICENSES, REGISTRATIONS

• Certifications such as CISSP, CISM, GIAC, CEDS, CIPP, or CDPSE are preferred.

FUNCTIONAL SKILLS

• Hands-on experience with Microsoft Defender, Microsoft Purview, and Microsoft Sentinel.
• Strong understanding of data protection laws, privacy regulations, and digital forensics.
• Experience with e-Discovery platforms and workflows.
• Experience operationalizing AI in IRM, Data Protection, and eDiscovery
• Excellent communication, analytical, and stakeholder management skills.
• Strategic thinker with a proactive approach to risk and compliance.
• Ability to manage sensitive investigations with discretion and professionalism.
• Experience in regulated industries or high-security environments.

General Description of Available Benefits for Eligible Employees of CRC Group: At CRC Group, we're committed to supporting every aspect of teammates' well-being – physical, emotional, financial, social, and professional. Our best-in-class benefits program is designed to care for the whole you, offering a wide range of coverage and support. Eligible full-time teammates enjoy access to medical, dental, vision, life, disability, and AD&D insurance; tax-advantaged savings accounts; and a 401(k) plan with company match. CRC Group also offers generous paid time off programs, including company holidays, vacation and sick days, new parent leave, and more. Eligible positions may also qualify for restricted stock units and/or a deferred compensation plan.

CRC Group supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. CRC Group is a Drug Free Workplace.

EEO is the Law   Pay Transparency Nondiscrimination Provision   E-Verify