Team Lead, Insider Risk & Data Defense

Description:

eToro is the trading and investing platform that empowers users to invest, share and learn. We were founded in 2007 with the vision of a world where everyone can trade and invest in a simple and transparent way. We have created an investment platform that is built around collaboration and investor education. On our platform, users can view other investors’ portfolios and statistics, and interact with them to exchange ideas, discuss strategies and benefit from shared knowledge. We have 40 million registered users from 75 countries and our platform is available in 20 languages. eToro is an innovative, fast growing business and listed on Nasdaq in May 2025. We have over 1,500 employees across more than 10 offices around the globe, strategically positioned to serve the needs of users. You can find out more about eToro here.

We are looking for a Cyber Hunter and Technical Leader to build a next-generation Insider Risk program. You will lead a team of analysts and engineers, utilizing AI-driven behavioral analytics and cutting-edge Data Security Posture Management tools to detect anomalies in behavior .

As the Team Lead for Insider Risk & Data Defense, you will hold one of the most critical mandates in the organization: safeguarding our proprietary data, financial assets and trust aware culture.

What You’ll Do:

• Lead the "Internal Hunter" strategy: define the roadmap for the Insider Risk function, manage day-to-day operations, and mentor a team of high-performing analysts and engineers.
• Architect and operate advanced protection suites: serve as the technical owner for DLP (Microsoft Purview), Insider Risk and DSPM solutions to visualize data flow and block unauthorized movement.
• Build AI-driven risk models: leverage Machine Learning (ML) to establish user behavior baselines and detect subtle deviations indicative of account compromise, data exfiltration, or sabotage.
• Oversee high-stakes investigations: manage the full incident lifecycle from initial alert and digital forensics to Root Cause Analysis (RCA) and executive reporting.
• Drive automated response (SOAR): develop playbooks that trigger "containment" actions (e.g., revoking access, isolating endpoints) when high-confidence malicious activity is detected.
• Optimize signal-to-noise ratio: relentlessly tune SIEM and UEBA logic to ensure the team is hunting real threats.
• Harden lifecycle security: collaborate with IT and HR on "Joiner, Mover, Leaver" processes to ensure access is strictly governed at every stage of the employee journey.
• Enable deep visibility: ensure telemetry coverage across all critical systems—from employees to privileged IT staff—to eliminate blind spots.

• 5–6+ years of experience in cybersecurity, investigations, or risk analytics
• 2+ years in a leadership role (Team Lead or acting lead), with a passion for mentoring and developing talent
• Knowledge of insider threat frameworks (CERT, NIST, ISO) and behavioral monitoring concepts
• Experience working with internal stakeholders (HR, Legal, Compliance, IT, Security Operations)
• Understanding of access governance, user activity telemetry, and internal policy enforcement
• Strong communication skills — able to translate technical findings into clear business risk
• Strategic mindset with strong attention to detail and operational execution
• Investigative Mindset - You know how to connect the dots between digital logs 

Required Certifications : At least one of the following (or equivalent):

• CISSP

• CISM

• GIAC (GCIH, GSLC, GCCC)

• Certified Insider Threat Program Manager (CITPM)

Bonus:

• Familiarity with user behavior analytics or risk scoring frameworks
• • Understanding of privacy and compliance frameworks (e.g., GDPR) in context of internal monitoring
• • Experience building or scaling internal risk or fraud programs
• • Exposure to automation or scripting for analysis or workflow optimization.