Insider Risk Management

Carrier Global Corporation, a global leader in intelligent climate and energy solutions, is committed to creating solutions that matter for people and our planet for generations to come. From the beginning, we've led in inventing new technologies and entirely new industries. Today, we continue to lead because we have a world-class, diverse workforce that puts the customer at the center of everything we do. For more information, visit corporate.carrier.com or follow Carrier on social media at @Carrier.

Role Purpose:

The candidate for this role is responsible forestablishing and leading a global insider risk program focused on protecting Carrier from data loss, sabotage, internal fraud, and corporate espionage. The candidate drives the strategy, governance, and day-to-day operations of Carriers Insider Risk Program, including the managementof the enterprise Data Loss Prevention (DLP) platform.

The most competitive candidateshave a strong investigative mindset and a background in cybersecurity, investigations and insider threat analysis; for example, someone who understands how toidentifydigital footprints, correlate behavioral indicators, and conduct pattern analysis. This position requires experience operating in complex, multinational environments as well as astrong understanding of global data protection, privacy, and labor regulations.

Role Responsibilities:

• Build and lead a global Insider Risk Program addressing threats across data protection, sabotage, fraud, and corporate espionage.

• Conduct and coordinate investigations of insider activity using technical telemetry, user behavior analysis, and DLP event data.

• Manage and evolve the enterprise DLP program to ensure coverage across key risk areas and alignment with business operations.

• Develop detection logic, response workflows, escalation procedures, and documentation standards to support defensible, repeatable investigations.

• Collaborate with digital forensics teams on complex cases requiring deeper technical examination.

• Ensure all insider risk activities align with global privacy, data protection, and employment regulations and frameworks.

• Create governance processes and policy controls that enable consistent insider risk management across diverse regulatory environments.

• Coordinate closely with Legal, Human Resources, Compliance, and other stakeholders to ensure all investigative practices are ethical, defensible, and compliant.

• Educate global stakeholders and provide communications on insider threat trends, prevention strategies, and program capabilities.

• Review enterprise telemetry to uncover behavioral anomalies, data misuse, evasion techniques, and other indicators of insider threat.

• Translate complex technical data into investigative insights and actionable recommendations.

• Refine detection use cases through behavioral modeling and retrospective analysis.

• Apply adversarial thinking and red-team mindset to proactively uncover hidden risk.

• Define success metrics, Key Performance Indicators, and reporting standards to measure program maturity, impact, and success.

• Drive automation and scalability to support growing volumes of telemetry and investigation workload.

• Evaluate tools, processes, and threat models continuouslyto stay ahead of evolving insider risks.

• Serve as a trusted advisor to executive stakeholders, aligning insider risk strategy with broader enterprise security goals.

Basic Qualifications

• Associate's degree and5+ years in cybersecurity investigations and insider threat OR a Bachelor’s Degree and3+ years in cybersecurity investigations, and insider threat.

Preferred Qualifications:

• Background in digital forensics, behavioral analytics, law enforcement, or threat intelligence.

• Experience developing security programs within complex, globally distributed organizations.

• Demonstrated success navigating global compliance requirements and multi-jurisdictional challenges.

• Strong communication and stakeholder engagement skills with the ability to influence across functions.

• Proven ability to assess user behavior and digital activity for indications of risk or policy violations.

• Familiarity with insider threat and/or cybersecurity frameworks (e.g., NIST, CERT, MITRE, NITTF).

• Yellow Belt in Lean Six Sigma Karate

• Experience managing or tuning enterprise cybersecurity technologies.

• Fluent in multiple languages.

#LI-Onsite

RSRCAR