Job Description

Job Details Cyber Forensic Investigator The Role The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the ever-changing cybersecurity threat landscape. This role blends the knowledge and utilization of cyber investigations, digital forensics, data loss prevention and insider threat analytics to support Global Information Protection. The successful candidate will be the primary point of contact for the region and deliver accurate, detailed and timely findings of risk-based activities. This role reports into the Senior Manager, Information Protection. The candidate will be able to articulate thoughts clearly, plan initiatives, and execute with appropriate urgency. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change agent. The Cyber Forensic Investigator will collaborate their efforts with GIS as well as key personnel within IT, Legal, Compliance and Ethics, Human Resources, Global Security, Internal Audit and Global Privacy. General Responsibilities

• Perform comprehensive investigative and technical analysis of an integrated user activity monitoring capability, across data loss prevention (DLP), user behavioral analytics (UBA) and other solutions, to identify and corroborate evidence of employee misconduct, policy violations, information loss, insider threat and fraud.
• Use and improve upon existing technologies and workflows to accurately and efficiently identify risk based on multiple data sets and data points.
• Partner with the broader GIS organization to facilitate bi-directional and cross-functional information exchange and response capabilities.
• Determine if corporate policies have been violated based on conditions outlined within the Information Protection Incident Management Framework, and document observations and findings in accordance with standard operating procedures (SOPs).
• Identify potential risk factors, indicators and warnings of at-risk insiders.
• Aid in information protection strategies and alignment with crown-jewel information asset classification and protection.
• Work with legal, privacy, audit and regulatory teams to periodically review policies, procedures and program compliance.

This job description indicates the general nature and level of work expected of the incumbent. It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent may be required to perform other related duties. Candidate Profile (Qualifications)

• Minimum of five (5) years of experience in any of the following fields
  • Computer or forensic investigations
  • Cyber investigations
  • Computer network defense, information governance or incident response
  • Law enforcement

• Investigative mindset with the ability to use techniques and tools to gather and evaluate evidence to perform analysis, draw findings and build a case.
• Planning and executing proactive strategy for investigations while utilizing and analyzing electronic media to identify potential risk trends.
• Demonstrated analytic skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
• Trained and proficient working with data loss protection (DLP), user-entity behavior analytics (UEBA), digital forensics and/or Insider Threat tools.
• Experience reviewing logs, developing Splunk queries and dashboards, automating manual tasks is a plus.
• Familiarity with O365 security and compliance center is a plus.
• Adhere to digital investigative principles, methodology and protocols to include evidence handling and preservation.
• Experience preparing incident investigation reports and documenting activities.

• Experience working collaboratively with cross-functional teams.
• Excellent interpersonal communication (verbal, written) skills and the ability to analyze and make effective recommendations to business and technology leaders.
• Ability to work independently with little or no supervision.
• Organized, responsive and thorough problem solver.

Education

• Bachelors degree in discipline related to existing job experience. Equivalent experience in lieu of a degree will be considered.
• Past experience directly supporting business units on Cybersecurity issues strongly preferred.
• Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Fraud Examiner (CFE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Incident Handler (GCIF) or equivalent security certifications preferred.