Insider Threat Analyst

Job Title: Insider Threat Analyst

Contract Type: Permanent

Location: Edinburgh OR Glasgow OR Alderley Edge       

Working style: Hybrid 50% home/office based 

Closing date: 10th April 2025

Our Security Operations team is growing and have opportunities for Insider Threat Analysts in Edinburgh / Glasgow / Alderley Edge. We monitor and manage potential threat and real data loss events in key business areas. These are exciting opportunities to join a growing organisation and work on a variety of new security tooling and technologies    

The successful candidates will be responsible for managing and improving detection engineering, Data handling, Data Loss Prevention systems, investigate alerts, and work with teams across Cyber Security, IT, Legal, and Compliance to reduce data security risks and ensure regulatory compliance. Developing the posture of the detections and collaborating with key stakeholders.  

About the role  

• Assist with Designing and implement insider threat detections based on behavioural indicators and real-world risk scenarios. 

• Identify gaps in current monitoring capabilities and propose new detections to address those gaps. 

• Translate insider risk scenarios into practical alerting logic and monitoring rules across security platforms. 

• Assist with investigations involving insider risk, data / access misuse, fraud and employee misconduct. 

• Conduct investigative interviews and behavioural assessments.

• Analyse behavioural, financial and technical indicators to determine intent and impact.

• Build and mature workflows across Insider Risk, fraud prevention, misconduct handling and case management. 

• Develop and refine triage models, escalation standards and investigation lifecycle processes.

• Partner with technical teams to improve alerting, detection logic and data visibility across monitoring platforms. 

• Identify control gaps and implement practical improvements to reduce risk exposure.

• Develop and maintain playbooks and operational standards. 

• Contribute to executive-level reporting and risk insight. 

• Ensure monitoring and investigative activities align with privacy and regulatory requirements. 

About you  

• Experience in Data Loss Prevention, Security Operations, or Cyber Security monitoring. 
• Detection engineering skills and use case development lifecycle management.

• Exposure to fraud or whistleblowing investigations.

• Experience refining detection use cases or improving alert quality.

• Strong communication skills.

• Hands-on experience with Microsoft Purview or similar tooling. 

• Experience with Microsoft 365 security tools or cloud security. 

• Knowledge of insider risk, digital forensics, or behavioural analytics. 

• Relevant certifications (e.g. Security+, CCSP, CISSP, Microsoft SC-400. 

• Experience working in a SOC or operational security environment. 

About Royal London  

We’re the UK’s largest mutual life, pensions and investment company, offering protection, long-term savings and asset management products and services.    

Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values; Empowered, Trustworthy, Collaborate, Achieve.  

We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance. You can see all our benefits here - Our Benefits

Inclusion, diversity and belonging  

We’re an Inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected – whatever their background.