Our client, a top 5 Canadian bank, is seeking a Data Loss Prevention Analyst.
LOB: IT Fraud and Investigations
Tentative Start Date: May 28, 2018 or ASAP after
Duration: 6 months
Work Location: Downtown Toronto
Possibility of Extension/Conversion: Yes – ideally, they would look to convert this person to Full-Time Employee down the road.
GROUP INFORMATION/CULTURE: Team of seven, very open and supportive, work as a group. Questions, opinions and suggestions are welcome. They also have fun – everyone is a contributor. They feel this is an amazing team to work for. Weekly team meetings.
EMPLOYEE VALUE PROPOSITION: Exposure across the LOBs, different groups around them – can gain insight and knowledge
WHO THEY WILL WORK WITH ON A DAILY BASIS: Will work very closely with the Team Lead. Regular contact with Corporate Security investigators and Line of Business management. Frequent contact with other internal stakeholders such as Compliance, Employee Relations, Human Resources, Legal, IBCS, etc. Occasional contact with Technology, product support and external vendors.
Providing meaningful, accurate and complete data searches of electronic information for the development, support and preservation of evidence for investigations, regulatory compliance and legal.
The primary accountability includes electronic communication retrieval and system alert analysis for Data Loss Prevention (DLP) and Employee Activity Monitoring (EAM) investigations.
The incumbent is required to assess alerts based on prerequisite analysis, defined decision trees and assign investigations to the LOB (Line of Business) or Corporate Security based on the nature of the event/alert.
They will provide problem resolution for data gathering, analysis, process review and recommendations.
An understanding of queries, system problem solving, Excel (formulas and graphs) and time management, by continually reassessing priorities and updating management on escalations, is a requirement.
The most critical factor is that they need to understand the risk to the bank.
- Excellent communication skills – both written and verbal – will be dealing with all LOBs. They have templates and detailed procedures but this person must be able to articulate on calls and in email etc.
- Finance background (some retailers have the same role but data is not relevant)
- 1.5 - 3 years of experience
The Business Unit:
IT Fraud and Investigations is a dynamic, multi-skilled group whose mission is to continuously develop, implement, and maintain a comprehensive protection program and investigative services for the bank.
The mandate of this diverse team is to monitor and respond to fraud, information security risks and threats to people, digital assets and property through investigation and consultation with business units on a proactive basis.
- Providing meaningful, accurate and complete analysis of information for the development, support and evidence of investigations, as part of the Bank’s fraud prevention strategies.
- Working with Corporate Security response investigators, IBCS, Legal & Compliance, Privacy Office and the line of business management to identify key evidence through electronic information retrieval and data analysis, correlation, and tracking from different sources via several electronic tools and logging repositories.
- Provide advice/recommendations regarding:
o Various electronic data surrounding investigations;
o Data breaches per managing our Data Leakage Prevention monitoring tool;
o Email preservations supporting Legal; and,
o Employee Activity Monitoring for internal fraud.
- Applying a working, conceptual and practical understanding of fraud prevention, data gathering, analysis and summary in support of investigations or alert management.
- Email Archive Data Analyst: Create unique queries using a front end interface tool to retrieve Outlook communications (email), IM, Blackberry, etc., from the company’s enterprise wide archive.
- Management of alerts would include:
o Provide first-level triage of employee activity alerts; perform analysis and assignment based on predefined workflow and notification to LOB, Privacy Office or Corporate Security;
o Assist with the assessment of the quality, relevance and validity of information gathered to formulate a conclusion;
o Manage alerts on a priority basis;
o Note trends, anomalies and associations;
o Assist in defining EAM internal processes to manage alert types, and design and execute internal due diligence;
o Provide recommendations to enhance the effectiveness of tool monitoring rules while raising operational proficiency opportunities; and,
o Draft or update existing procedures for Email searches, DLP and EAM.
- Review and reconcile internal monthly reporting for internal and external department executives including:
o Preservation reconciliation;
o Weekly and monthly operational reporting;
o Maintain internal records for searches, data leakage alerts, employee activity alerts, and physical evidence among others;
o Prepare quarterly DLP reporting;
o Assist in designing and implementing any new reporting requirements.
- Manage and maintain storage requirements for several electronic storage servers. This includes long term capacity planning analysis on future state requirements.
- Facilitate technology system upgrades and participate in analyzing new tools and other technical changes. This could include defining requirements, testing and implementation of enhanced processes.
- Support Corporate Security with the life cycle management of all electronic evidence (i.e. recordings, images, hard drives and secure media).
- Manage and administer physical access and respond to access control monitoring alerts for the secure forensic room.
- Manage ServiceNow requests for ITF&I and other CS groups, as needed.
- Perform eCIF inquiries.
- Participate in special internal projects or tasks, as assigned.
KNOWLEDGE AND SKILLS:
- Advanced experience with MS Office Suite.
- Quick learner with a good understanding of system alert management, e.g. SourceOne, EAM, DLP and other internal tools.
- Sound, creative problem solving and results-oriented.
- Good analytical reasoning and proven judgment and decision-making skills to address tasks and priorities.
- Ability to gather, synthesize, organize and interpret data or information and formulate observations and/or insights which can be presented in Corporate Security reporting or to Line of Business management.
- Working knowledge of ServiceNow.
- Understand the need for confidentiality, preservation of evidence and accurate output based on facts.
- Maintain autonomy in performing independent data retrieval, analysis and summary.
- Sound writing and communication skills for reporting and escalation of issues.
- Self-motivated, passionate, resourceful and organized.
- High school graduate
- Experience will take priority over degree