This position is responsible for leveraging risk decisioning in the authentication channel and managing the case management portion of the Adaptive Authentication risk engine. Other additional risk engine layers inserted into the authentication path will also be managed by the Identity Analytics and Intelligence Analyst. The position will take incidents of fraud, risk or malicious use occurring through digital channels, investigate the granular details of the actions, report those actions to necessary risk engines and apply policy changes to authentication channel accordingly. Additionally, this position will monitor the authentication channels for proactive risk mitigation through analyzing authentication and identity data and gathering actionable intelligence. This role will be responsible for continuous improvement to the authentication channels through policy updates aimed to provide friction to high-risk logins while providing a seamless login experience for low-risk logins. This role will work with complex data, decisioning policies, and requires knowledge of Boolean logic, SPL (Splunk Search Language) and/or SQL.
1. CASE MANAGEMENT
1. Receive cases as referrals from Fraud Management where the vector of access for the perpetrated fraud was the authentication channel for the digital banking platforms.
2. Process cases through risk engine platform for improved performance of the risk engine Adaptive Analytics or other risk engines as applicable.
3. Identify any digital identity recovery or protection actions that need to be taken because of the Account Takeover (ATO) or digital identity compromise.
4. Investigate means of Account Takeover (ATO) or digital identity compromise and document for tracking.
5. Investigate all transactional logs for events where bad actor was utilizing account for other weak points in digital banking platforms.
6. Collaborates with Fraud Management and Compliance to identify level of interaction necessary when Account Takeover (ATO) or member identity compromise occurs at varying levels. As fraud trends change interactions may need to change as well.
2. POLICY ADMINISTRATION
1. Create and maintain policies inside of risk engine(s) on a regular cadence.
2. New policies may need to be created with new data sources as fraud trends change over time.
3. Policies will be managed and reviewed on a regular cadence along with daily adjustments as necessary when adding digital identities to monitor.
3. RULE AND ALERT WRITING
1. Write rules in a Boolean logic (SPL) to trigger scripted actions to be taken when specific criteria are met as it relates to Account Takeover (ATO) or digital identity compromise.
2. Create alerts with Boolean logic (SPL) to generate actionable alerts, when possible, threats to authentication channel or digital member identities are occurring.
3. Be able to lead and support other Credit Union teams in rule and alert writing as it pertains to bad actor use or malicious activity on digital banking platforms or digital authentication.
4. DIGITAL IDENTITY ANALYTICS AND INTELLIGENCE
1. Analyze store of digital member identities and their access for misuse, abuse, or compromise.
2. Gather intelligence on member digital identities and their access to assess risk level and make dynamic risk decisions.
3. Implements friction or challenge points based on risk levels that balance both member usability and security. Force identity proofing on digital member identities at risk.
4. Coordinates closely with Data and Analytics to leverage known data as it relates to the digital member identity and risk decisioning.
5. Proactively analyze data logs from member authentication channels and digital banking applications for malicious use and bad actors.
6. Works to create long-term solutions and automation to processes that can be improved when digital member identity is being utilized.
5. INCIDENT ANALYSIS AND RESPONSE
1. Coordinates with Security Operations Center and Network Security when misuse of authentication channel is suspected (scripted attacks, credential stuffing, password spraying, etc.). Provided necessary information to achieve friction for bad actors but not genuine users or aggregators.
2. Work to document incidents of misuse against authentication channel and categorize the incident based on attack type and vector.
Training/Education/Certification:
• Bachelor's degree or master's degree in IT, Business, Economics, Finance, Data Analytics, or another related field.
• Certifications or education relating to data analytics.
• Holds one or more Splunk certifications
Required Knowledge:
• Data analysis and investigations
• Understanding of digital banking and authentication (e.g., mobile banking, online banking, digital payments, authentication channels, risk engines)
• Understanding of risk mitigation and rule writing
• Working knowledge of SPL or SQL
• Experience with B2C authentication channels and their elements such as OAuth, WSFed, Multi-factor authentication, risk engines, dynamic challenges, WebAuthn)
• Knowledge of liability and regulation pertaining to risk and digital member identity compromise
• Understanding of information security and risk management challenges as it pertains to digital identity and member-compromised data.
Experience Required:
• At least 5-year digital banking industry experience (e.g., mobile banking, online banking, payments)
• At least 5-year fraud/risk industry experience (e.g., risk engines, fraud, risk, security)
• Investigation or data analysis experience
• Experience translating data into actionable intelligence
• Experience writing rules and policies for risk systems
• Workflow documentation inside Visio, Lucid Chart or similar
• Experience with SmartSheet, Confluence or similar
• Experience with Splunk and SPL
• Experience with Boolean logic such as SQL
• Experience with Python preferred
• Experience delivering changes and improvements to complex processes
Skills/Abilities:
• Strong communication and presentation skills
• Influencing and negotiating skills
• Boolean logic
• Data analysis and analytical abilities
• Project management
• Excellent written and oral communication skills
• Attention to detail
• Time management skills
• Adaptability, flexibility
• Problem-solving skills
• Ability to work in a matrix style organization
• Ability to collaborate and facilitate across multiple groups with conflicting perspectives and or priorities
• Must be able to work flexible hours
• Well organized
• Resilient and tenacious
• Able to document complex processes
• Able to operate a PC, 10-key, phones, and data management software
