The Risk Intelligence Lead will be reporting to Cyber Risk Lead within IBM CISO organization and will be responsible for the evaluation for multi-source threat intelligence feeds and development, publication and briefing of risk intelligence data to introduce an independent viewpoint on cyber risks impacting IBM. Risk intelligence lead will be primarily responsible for producing intelligence reports and forecasts to senior leadership team on risk estimates of leading threats, vulnerabilities and breaches in the industry. The Risk Intelligence Lead will identify and gather the data points required for the comprehensive risk assessment of critical vulnerabilities and breaches and leverage subject matter expertise in intelligence tradecraft to independently challenge criteria, tools and methodologies used for threat intelligence and threat analysis.
Position must be based at either our Research Triangle Park, NC or Herndon, VA offices.
Leverage organization’s security and technology stack to collect, parse and report on organization specific risk landscape for trending security threats in the industry
Decode major data breaches and incidents in the industry and measure exposure of IBM environments for similar breaches/ incidents
Review existing security and intelligence program for opportunities for further maturation
Demonstrate a strong technical understanding of cyber and technology threats with a direct or indirect impact to IBM business operations.
Examine tactics, techniques, and procedures of threat actors and control environments of targeted entities to assess the cyber risk for IBM environments.
Develop and deliver senior executive intelligence briefings on relevant cyber threat issues.
Build partnerships and develop working-level information sharing relationships with internal and external threat intelligence sources such as IBM Xforce
Required Technical and Professional Expertise
Bachelor’s degree in computer science, engineering, cyber security, international affairs, or intelligence-related field.
10-12 years of experience in information security with 2-3 years of experience in security threat intelligence
Minimum 5 years of experience in GRC, risk management framework, security audits and assessments.
Demonstrates working technical knowledge in Cloud security or Application security
Analytical experience addressing cyber, geopolitical, and technology threat issues required.
Ability to discern and communicate emerging or shifting patterns in cyber threat actor behavior at the strategic level. Deep understanding of cyber threat actor capabilities and motivations.
Strong written and verbal communication and presentation skills.
Maintains an understanding of the intelligence cycle and analytic integrity and tradecraft standards.
Preferred Tech and Prof Experience
Previous US Intelligence Community or Military Intelligence background preferred.
Technical certifications including GIAC, CEH, CISM, CISA or CISSP preferred.