DE Jobs

Southern Company IT Security-Fusion Center Team Lead in Birmingham, Alabama

Job Description: IT Security – Fusion Center Team Lead

Schedule: M-F

Location: Atlanta or Birmingham

POSITION SUMMARY:

Do you have a passion for finding bad guys?

Is curiosity your primary talent?

Is your ideal career at the intersection of technology and the people who use it?

A leading U.S. energy company seeks an experienced IT security professional to join an Insider Threat Fusion Center in a technical leadership role. The candidate will directly support the company’s efforts to address real and potential insider threats to the company’s facilities, personnel, technology, operations, and brand. The selected candidate will serve as the Fusion Center Team Lead charged with: 1) coordinating programmatic elements with other company stakeholders, 2) advancing technical capabilities, and 3) managing the analytical work of the team.

The Team Lead will leverage his/her experience running an Insider Threat program, leading others, managing cybersecurity projects, program management, and cyber-physical threat analysis to identify and track potential insider threat activity, primarily using digital data sources. The successful applicant should have a demonstrable track record of successfully teaming with other organizational components to identify and mitigate risk in both the technology and human domains. The Team Lead will deliver clear and concise assessments, briefings, and reports to partners and executive leadership. The Team Lead will also need to understand operational risks at the corporate level and develop relationships across the company that will support coordinated response strategies based on the company’s Insider Threat Mitigation Program plan.

RESPONSIBILITIES:

  • Lead the day-to-day operations of the Insider Threat Fusion Center

  • Lead the deployment of innovative data correlation tools and practices

  • Lead efforts to monitor and track activity that crosses risk thresholds, and conduct inquiries to classify activity for further investigation and resolution

  • Oversee programmatic aspects of the Fusion Center, including IT projects to create new capabilities

  • Participate with the Fusion Center Team in performing threat analysis, documenting and presenting findings, and improving existing methodologies for technical threat assessment

  • Understand and utilize relevant data sets, analytic techniques, and visualization tools to assimilate and interpret sources from across the company and identify potential insider threat behavior

  • Compare analytic results against known tactics, techniques and procedures historically associated with advanced insider threats

  • Communicate alerts on potential insider activity to cross-functional teams

  • Coordinate with working-level representatives to the Fusion Center from key organizations such as human resources, general counsel, compliance, etc. for information sharing, situational awareness, and determination of responsive action on insider threats

  • Oversee the implementation of workflows for insider threat evaluations

  • Lead the production of defined-scope threat assessments to assist in mitigating identified insider vulnerabilities

  • Provide operational and programmatic briefings to management

  • Support definition, monitoring, and reporting of effectiveness metrics on an ongoing basis

REQUIREMENTS:

  • BA/BS in computer science, technology, engineering or security-related field or equivalent experience

  • Demonstrable experience leading or building an Insider Threat Program in a technology environment

  • Understanding of best practices for detecting and classifying insider threats

  • Familiarity with behaviors and indicators, both physical and information systems-related, associated with insider threats

  • Experience leading the enterprise deployment of new analytic tools in an IT environment

  • Demonstrated expertise using multiple analytic methodologies, programs, and tools in support of cyber and human threat analysis

  • Independent thinker with strong analytical and problem-solving skills

  • Experience using DLP and User Behavioral Analytics (UBA) tools

  • Experience communicating with senior stakeholders inside and outside the company

  • Familiarity with global threats to the energy sector preferred

  • Insider Threat or Information Security certification such as ITPM or CISSP preferred

Southern Company (NYSE: SO) is a leading energy provider serving 9 million residential and commercial customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy infrastructure company with national capabilities, a fiber optics network, and telecommunications services. Through an industry-leading commitment to innovation, resilience, and sustainability, we are taking action to meet our customers’ and communities’ needs while advancing our commitment to net zero emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture and hiring practices have earned the company national awards and recognition from numerous organizations, including Forbes, Military Times, DiversityInc, Black Enterprise, J.D. Power, Fortune, Human Rights Campaign and more. To learn more, visit www.southerncompany.com.

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.

Job Identification: 5384

Job Category: Cybersecurity

Job Schedule: Full time

Company: Southern Company Services
