Brown & Brown is seeking a Head of Insider Risk to join our growing team!
The Insider Risk Lead is responsible for developing, maturing, and overseeing Brown & Brown’s enterprise Insider Risk Management Program. This role will lead strategy, detection, investigations, and cross enterprise collaboration related to insider threats—malicious, accidental, or process driven. The Insider Risk Lad partners directly with cybersecurity, legal, TR, compliance, and business leadership to identify behavioral and data driven indicators of risk and guide sensitive risk response actions. The position requires high judgment, confidentiality, and excellent analytical and communication abilities.
How You Will Contribute:
Program Strategy & Development
- Lead the design, governance, and maturity roadmap of the Insider Risk Program.
- Develop policies, standards, and procedures aligned to enterprise cybersecurity objectives and regulatory expectations.
- Establish operational models for monitoring, escalation, and executive reporting.
Threat Detection & Investigation
- Oversee behavioral and technical monitoring tools (e.g., UBA, DLP, and privileged activity analytics).
- Conduct and/or coordinate insider risk investigations, ensuring accuracy, discretion, and appropriate documentation.
- Partner with Cybersecurity Operations to triage and interpret insider related alerts.
Enterprise Collaboration
- Serve as the primary liaison to Legal, HR, Compliance, Technology, and business units for insider risk processes.
- Facilitate communication and training to promote a culture of awareness and shared accountability.
- Work within Brown & Brown’s decentralized structure to ensure alignment, transparency, and consistent practices.
Risk Reporting & Governance
- Develop and deliver dashboards, reports, and insights for cybersecurity leadership and executive stakeholders.
- Integrate insider risk into formal risk assessments and enterprise governance processes.
- Ensure adherence to compliance standards, audit requirements, and enterprise documentation practices.
- Other duties as assigned.
Skills & Experience to be Successful:
- Experience in decentralized or federated enterprise environments (preferred)
- Relevant certifications (e.g., CISSP, CISM, CEH, GIAC certified tracks) (preferred)
- Experience with UBA, SIEM, DLP, endpoint detection, or cloud analytics platforms (preferred)
- Experience working with HR, legal, or compliance leadership on risk matters (preferred)
- Bachelor's degree in cybersecurity, information technology, risk management, or related field (or equivalent experience).
- 7+ years of experience in cybersecurity, insider threat, digital forensics, SOC operations, or similar roles.
- Proven experience developing or managing insider risk or behavioral analytics programs.
- Strong understanding of data protection, access management, monitoring tools, and investigative methodologies.
- Superior communication and judgment, especially in sensitive or confidential situations.