Insider Risk
Role overview
The postholder helps the department get better at stopping threats that come from people inside the organisation. They do this by identifying, assessing, and mitigating potential security risks from individuals who have authorised access to the organisation's assets, including employees, contractors, and partners. They are always looking for ways to improve security for our staff, making sure we have a strong defence against internal threats by using facts and giving expert advice.
Role level
Associate
Typical role expectations
- Supporting role in the assessment of insider risk potential
- Supports insider risk investigations
- Maintains all logs/registers of insider risk/threats
- Acts as administrator for all insider risk/threat incidents, near misses and similar events
- Acts as part of the Incident Response team where appropriate, providing support
- Supports Lead and Principal Insider Risk/Threat roles
Lead
Typical role expectations
- Lead assessor for insider risk potential
- Leads investigations of all incidents of insider risk
- Represents Security/insider risk interests at Managerial/Senior Leader level
- Monitors processes and procedures to reduce and promptly identify insider risk
- Shares best practice in reducing and identifying potential insider risk
- Acts as part of the Incident Response team where appropriate and provides intelligence support during ongoing incidents
- Works closely with management teams to keep them updated on the latest insider risks/threats
- Horizon scanning for new and changing methods of insider threat/risk
- Establishes mutual intelligence sharing with credible external sources
- Identifies capability gaps and works to address them
Principal
Typical role expectations
- Oversees assessment for insider risk potential
- Actively works with and supports policy makers in developing insider risk policy
- Liaises with other business units, other government departments (OGDs) and similar bodies to identify widespread insider risk; this may also include sharing intelligence
- Advises on processes and procedures to reduce and promptly identify insider risk
- Shares best practice in reducing and identifying potential insider risk
- Influences, changes, and impacts security decisions with both internal and external stakeholders
- Supports and leads the delivery of insider risk/threat assessments and action recommendations to stakeholders at executive level
- Acts as part of the Incident Response team where appropriate and provides intelligence support during ongoing incidents
- Horizon scanning for new and changing methods of insider threat/risk
- Establishes mutual intelligence sharing with credible external sources
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Protective security | Awareness | Working | Practitioner |
| Legal and regulatory environment and compliance | Awareness | Awareness | Practitioner |
| Risk understanding and mitigation | Awareness | Working | Expert |
| Threat understanding | Awareness | Working | Expert |
Core learning
Associate
NPSA – Insider Risk Mitigation Framework
NPSA – Security Culture
Management of Risk® (M_o_R) Foundation
Lead
Certified ISO27001 Practitioner
NPSA – Reducing Insider Risk
NPSA – Insider Risk Mitigation Framework
Principal
NPSA – Insider Risk Mitigation Framework
(ISC)² Certified Information Systems Security Professional (CISSP) training
NPSA – Reducing Insider Risk