Director of Insider Threat & Data Protection
About this role
Description
This is an onsite position and can be filled at any Huntington Corporate office location (see location options on posting).
Summary
The Director of Insider Threat (Threat Interdiction Unit) will be responsible for Insider Threat, Data Protection & Digital Forensics teams, leading and maturing enterprise programs focused on insider risk management, data protection, cyber investigations, and digital forensics capabilities. This leader will oversee strategic and operational initiatives designed to protect sensitive data, detect malicious or negligent insider activity, support cyber investigations, and strengthen the organization’s overall cyber resilience posture.
This role will lead cross-functional teams spanning Insider Threat, Data Protection, Digital Forensics, and Investigations while driving a multi-year strategic maturity roadmap aligned to evolving business, regulatory, and threat landscape requirements.
Key Responsibilities
Leadership & Strategy
• Lead enterprise Insider Threat, Data Protection, and Digital Forensics functions.
• Develop and execute a strategic maturity roadmap focused on enhancing detection, investigative, forensic, and data protection capabilities.
• Establish long-term operational strategies aligned to cybersecurity, regulatory, and business objectives.
• Build scalable operating models, governance structures, and program metrics to measure effectiveness and maturity.
Insider Threat & Investigations
• Oversee insider threat monitoring, investigations, and response activities involving data misuse, fraud, intellectual property theft, policy violations, and high-risk user behavior.
• Partner with HR, Legal, Compliance, Privacy, and Corporate Security on sensitive investigations and escalation management.
• Develop behavioral analytics and risk-based monitoring capabilities to identify anomalous user activity.
Data Protection
• Lead enterprise data protection strategy including data classification and sensitive data monitoring initiatives.
• Oversee implementation and optimization of controls across endpoint, email, cloud, SaaS, and network environments.
• Partner with infrastructure, cloud, and engineering teams to improve protection of regulated and sensitive data.
Digital Forensics & Incident Response
• Lead digital forensic investigations supporting cyber incidents, insider threat cases, legal investigations, and regulatory matters.
• Establish forensic readiness standards, evidence handling procedures, and investigative protocols.
• Support enterprise incident response efforts through advanced forensic analysis and threat investigations.
Operational Maturity & Innovation
• Identify capability gaps and implement improvements across people, process, technology, automation, and analytics.
• Evaluate emerging technologies including AI-driven analytics, UEBA, DSPM, and advanced insider risk platforms.
• Drive integration between Cyber Fusion Operations, Threat Intelligence, SOC, and Data Protection teams.
Basic Qualifications:
• 6+ years of experience in Information Security, preferably in the Operations domain
• 4+ years of experience with Network Defense solutions
• 4+ years of experience in a Leadership role
• Associate's Degree or 4+ additional years of equivalent experience.
Preferred Qualifications:
• 10+ years of cybersecurity leadership experience with focus areas including Insider Threat, Data Protection, Digital Forensics, Incident Response, or Cyber Operations.
• Experience leading enterprise-scale cybersecurity or cyber investigations teams within highly regulated industries.
• Strong understanding of:
    • Insider Threat Programs
    • DLP/Data Protection technologies
    • Digital Forensics & eDiscovery
    • Threat Detection & Investigations
    • Cloud and SaaS security
    • Regulatory and compliance requirements
• Experience developing strategic cybersecurity roadmaps and operational maturity programs.
• Experience within financial services, healthcare, government, or other regulated industries.
• Experience operating within Cyber Fusion Center or SOC environments.
• Certifications such as CISSP, CISM, GCFA, GCFE, GNFA, EnCE, or CCSP.
• Experience with platforms such as: Microsoft Purview, Proofpoint, and/or Splunk.
• Strong executive communication and stakeholder management skills.
Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)
Yes
Workplace Type:
Office
Our Approach to Office Workplace Type
Certain positions outside our branch network may be eligible for a flexible work arrangement. We’re combining the best of both worlds: in-office and work from home. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. Remote roles will also have the opportunity to come together in our offices for moments that matter. Specific work arrangements will be provided by the hiring team.
Huntington is an Equal Opportunity Employer.
Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.
Note to Agency Recruiters: Huntington Bank will not pay a fee for any placement resulting from the receipt of an unsolicited resume. All unsolicited resumes sent to any Huntington Bank colleagues, directly or indirectly, will be considered Huntington Bank property. Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.