Cyber Forensic Investigator

**Job Details**

**Cyber Forensic Investigator**

**The Role**

The Johnson Controls Global Information Security (GIS) team is undergoing a transformation and expansion as Johnson Controls increases its cybersecurity resources and capabilities in order to address the ever-changing cybersecurity threat landscape.

**General Responsibilities**
- Perform comprehensive investigative and technical analysis of an integrated user activity monitoring capability, across data loss prevention (DLP), user behavioral analytics (UBA) and other solutions, to identify and corroborate evidence of employee misconduct, policy violations, information loss, insider threat and fraud.
- Use and improve upon existing technologies and workflows to accurately and efficiently identify risk based on multiple data sets and data points.
- Partner with the broader GIS organization to facilitate bi-directional and cross-functional information exchange and response capabilities.
- Determine if corporate policies have been violated based on conditions outlined within the Information Protection Incident Management Framework, and document observations and findings in accordance with standard operating procedures (SOPs).
- Identify potential risk factors, indicators and warnings of at-risk insiders.
- Aid in information protection strategies and alignment with crown-jewel information asset classification and protection.
- Work with legal, privacy, audit and regulatory teams to periodically review policies, procedures and program compliance.

This job description indicates the general nature and level of work expected of the incumbent. It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent may be required to perform other related duties.
- Minimum of five (5) years of experience in any of the following fields
- Computer or forensic investigations
- Cyber investigations
- Computer network defense, information governance or incident response
- Law enforcement
- Investigative mindset with the ability to use techniques and tools to gather and evaluate evidence to perform analysis, draw findings and build a case.
- Planning and executing proactive strategy for investigations while utilizing and analyzing electronic media to identify potential risk trends.
- Demonstrated analytic skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy
- Trained and proficient working with data loss protection (DLP), user-entity behavior analytics (UEBA), digital forensics and/or Insider Threat tools.
- Experience reviewing logs, developing Splunk queries and dashboards, automating manual tasks is a plus.
- Familiarity with O365 security and compliance center is a plus.
- Adhere to digital investigative principles, methodology and protocols to include evidence handling and preservation.
- Experience preparing incident investigation reports and documenting activities.
- Experience working collaboratively with cross-functional teams.
- Excellent interpersonal communication (verbal, written) skills and the ability to analyze and make effective recommendations to business and technology leaders.
- Ability to work independently with little or no supervision.
- Organized, responsive and thorough problem solver.

**Education**
- Bachelor’s degree in discipline related to existing job experience. Equivalent experience in lieu of a degree will be considered.
- Past experience directly supporting business units on Cybersecurity issues strongly preferred.
- Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Fraud Examiner (CFE), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Incident Handler (GCIF) or equivalent security certifications preferred.