1

Insider Risk Manager Jobs (NOW HIRING)

next page

Showing results 1-20

Insider Risk Manager information

See salary details

$51.5K

$111.6K

$170K

How much do insider risk manager jobs pay per year?

As of Jul 7, 2026, the average yearly pay for insider risk manager in the United States is $111,556.00, according to ZipRecruiter salary data. Most workers in this role earn between $90,000.00 and $129,000.00 per year, depending on experience, location, and employer.

What does an Insider Risk Manager do?

An Insider Risk Manager is responsible for identifying, assessing, and mitigating risks posed by individuals within an organization, such as employees, contractors, or business partners. Their work focuses on preventing data breaches, intellectual property theft, and other security incidents caused by trusted insiders. They develop policies, conduct investigations, monitor employee activity for suspicious behavior, and collaborate with other departments to strengthen security measures. Ultimately, their goal is to protect the organization's assets and reputation from internal threats.

What are some common challenges faced by an Insider Risk Manager, and how can they be addressed?

Insider Risk Managers often face challenges such as detecting subtle behavioral changes that may signal insider threats, balancing employee privacy with effective monitoring, and fostering a culture of security awareness. Addressing these challenges typically involves working closely with IT, HR, and legal teams to implement risk assessment tools, develop clear communication strategies, and provide regular training. Additionally, staying updated on the latest threat trends and maintaining transparent incident response protocols help Insider Risk Managers mitigate potential risks effectively.

What is the difference between Insider Risk Manager vs Data Loss Prevention Specialist?

AspectInsider Risk ManagerData Loss Prevention Specialist
CredentialsSecurity certifications (CISSP, CISM), risk management experienceSecurity certifications, technical knowledge of DLP tools
Work EnvironmentCorporate security teams, risk assessment settingsIT security teams, technical implementation roles
Industry UsageFinancial, healthcare, government sectorsTech, finance, enterprise sectors
Primary FocusIdentifying and mitigating insider threatsPreventing data exfiltration and leaks

The Insider Risk Manager focuses on detecting and managing risks posed by internal employees, while the Data Loss Prevention Specialist concentrates on technical measures to prevent data leaks. Both roles require security certifications and are vital in protecting organizational assets, but they differ in scope and daily responsibilities.

What are the key skills and qualifications needed to thrive as an Insider Risk Manager, and why are they important?

To thrive as an Insider Risk Manager, you need expertise in cybersecurity, risk assessment, and incident response, often supported by a degree in information security or a related field. Familiarity with SIEM tools, DLP systems, and certifications like CISSP or CISM are typically required. Strong analytical thinking, discretion, and communication skills help in identifying threats and collaborating with stakeholders. These skills ensure effective mitigation of insider threats, protecting organizational assets and sensitive information.
More about Insider Risk Manager jobs
What cities are hiring for Insider Risk Manager jobs? Cities with the most Insider Risk Manager job openings:
What states have the most Insider Risk Manager jobs? States with the most job openings for Insider Risk Manager jobs include:
Infographic showing various Insider Risk Manager job openings in the United States as of July 2026, with employment types broken down into 1% Locum Tenens, 63% Full Time, 3% Part Time, 1% Contract, 30% Nights, and 2% Summer. Highlights an 87% Physical, 2% Hybrid, and 11% Remote job distribution, with an average salary of $111,556 per year, or $53.6 per hour.
Information Technology

Information Technology

Cravath, Swaine & Moore LLP

New York, NY โ€ข On-site

Full-time

Medical, Dental, Vision, Retirement, PTO

Posted 22 days ago


Job description

We are seeking an experienced, dynamic Information Security Engineer with expertise in data leakage prevention (DLP), insider risk management, and identity and access governance (IAG). This role is responsible for protecting sensitive data across endpoints, cloud services, and SaaS platforms by designing, implementing, and operating security controls that identify, classify, monitor, and govern access to enterprise data.

This position also plays a hands-on role in securing Microsoft Copilot for M365 and other emerging AI-enabled tools, focusing on technical controls, data protection enforcement, and security logging. The ideal candidate has experience managing data classification and labeling programs, insider risk detection, identity governance platforms, and modern security tooling, and is comfortable working across IT, security, and compliance functions to enable the business securely.


Data Protection & Leakage Prevention

  • Designs, implements, and operates Data Loss/Leakage Prevention (DLP) controls across endpoints, email, cloud services, and SaaS platforms;
  • Leads and maintains data identification, classification, and labeling strategies for structured and unstructured data;
  • Monitors, investigates, and responds to data exfiltration and misuse events, including both accidental and malicious activity;
  • Tunes detection policies to reduce false positives while maintaining effective risk coverage.

Insider Risk Management

  • Operates and enhances insider risk detection and response programs, including behavioral analytics and user activity monitoring;
  • Partners with IT/IS management on insider risk investigations, ensuring appropriate governance and privacy controls;
  • Develops workflows for escalation, evidence handling, and remediation of insider risk incidents.

Identity & Access Governance

  • Manages and optimizes identity and access governance (IAG) platforms, including access reviews, entitlement management, and lifecycle automation;
  • Supports least-privilege access models, role-based access control (RBAC), and segregation of duties (SoD) initiatives;
  • Integrates identity signals with data protection and insider risk tooling to enable contextual, risk-based controls.

Security Tooling & Operations

  • Serves as a subject matter expert for security platforms related to DLP, insider risk, data classification, and identity governance;
  • Evaluates, onboards, and operationalizes new security tools and features;
  • Creates and maintains runbooks, procedures, dashboards, and metrics to demonstrate program effectiveness.

Governance, Risk, and Collaboration

  • Supports regulatory and compliance requirements related to data protection and access control (e.g., SOX, HIPAA, GDPR, CCPA, etc., as applicable);
  • Provides guidance to IT and business teams on secure data handling and access practices;
  • Contributes to security awareness efforts related to data handling, insider risk, and acceptable use.

AI & Generative AI Security (Technical Controls & Monitoring)

  • Implements and operates security controls for Microsoft Copilot for M365 using Purview, Defender, and Entra ID to enforce access boundaries and reduce data exposure;
  • Configures DLP, sensitivity labels, permissions, logging, and alerting to ensure AI-assisted access aligns with data classification and authorization models;
  • Investigates and responds to data exposure or misuse involving Copilot or other AI-enabled workflows, and support secure onboarding of additional AI/LLM tools; and
  • Performs additional duties as assigned.

REQUIRED CANDIDATE QUALIFICATIONS:

  • 5+ years of experience in information security, with direct focus on data protection, insider risk, or identity governance;
  • Hands-on experience with one or more DLP and data classification platforms (e.g., Microsoft Purview, Symantec, Forcepoint, Netskope, etc.);
  • Experience managing identity and access governance solutions (e.g., Microsoft Entra ID Governance, SailPoint, Saviynt, Okta IGA);
  • Strong understanding of data classification schemes, sensitive data types, and data handling controls;
  • Experience investigating security alerts and incidents involving user behavior and data misuse;
  • Familiarity with endpoint, cloud, and SaaS security architectures;
  • Strong documentation, communication, and cross-functional collaboration skills; and
  • Ability to work additional hours as needed.

PREFERRED / NICE-TO-HAVE QUALIFICATIONS:

  • Experience with Microsoft security ecosystem (Purview, Defender for Endpoint, Defender for Cloud Apps, Entra ID, Sentinel);
  • Experience with User and Entity Behavior Analytics (UEBA) or insider risk platforms;
  • Knowledge of privacy-by-design principles and employee monitoring considerations;
  • Scripting or automation experience (PowerShell, Python, KQL, etc.);
  • Security certifications such as CISSP, CISM, CCSP, GIAC, or vendor-specific certifications;
  • Bachelorโ€™s degree in Information Security, Computer Science, Information Technology, or a related technical field.

This position is located in our New York office, and currently has a hybrid work schedule, but that is subject to change. The estimated salary range for this position is $160,000 to $180,000. The actual salary offered will be based on a wide range of factors, including relevant skills, training, experience, education, and where applicable, licensure or certification obtained. Market and Firm factors are also considered. In addition to base salary and discretionary bonus(es), we offer a generous employee benefits package including, but not limited to, paid time off, medical, dental, vision care, 401(k) and substantial health club discounts.