Security Manager Sr - Insider Threat & Employee Investigative Services

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company's success. As a Security Manager Sr within PNC's Technology organization, you will be based in Pittsburgh, PA; Cleveland, OH; Denver, CO; Birmingham, AL; or Phoenix, AZ., The Manager of the Technical Insider Threat Team and Employee Investigative Services Group is responsible for leading PNC's enterprise insider threat detection, investigation, and response program, with a specific focus on technical insider threat, employee misconduct with a cyber nexus, and insider fraud investigations. This role drives the integration of technical monitoring, behavioral analytics, investigative rigor, and cross functional coordination to protect PNC from malicious, negligent, and compromised insider activity.

The role serves as a key liaison between Cybersecurity, Human Resources, Legal, Compliance, Fraud, and Corporate Investigations, ensuring insider risk is identified early, investigated appropriately, and mitigated in accordance with PNC policy, regulatory expectations, legal requirements, and financial crime reporting obligations, including Suspicious Activity Reporting (SAR)., Program Leadership & Strategy

• Lead PNC's Technical Insider Threat Program, including detection, investigation, remediation, and continuous improvement
• Manage Employee Investigative Services activities related to insider fraud, misuse of systems, data exfiltration, and policy violations with a technical or cyber component
• Establish and maintain insider threat operating models, governance, metrics, and reporting
• Ensure alignment with NIST, Zero Trust, and regulatory guidance applicable to insider risk

Detection & Monitoring

• Oversee technical monitoring capabilities
• Partner with GSFC/SOC to operationalize insider threat detections and escalation workflows
• Continuously evaluate detection efficacy and reduce false positives

Investigations & Response

• Direct and oversee complex insider investigations, including potential fraud, sabotage, data theft, and policy violations
• Ensure investigations are documented, defensible, and compliant with HR, Legal, Compliance, and regulatory standards
• Coordinate evidence preservation, chain of custody, and forensic support
• Support disciplinary actions, terminations, and referrals as appropriate

Insider Fraud Oversight

• Lead investigations related to employee driven fraud involving systems misuse, payment manipulation, data access abuse, or collusion
• Partner with Fraud Risk Management, Ethics Office, Compliance, and Corporate Investigations on insider fraud matters
• Assess investigative findings for SAR reportability and support the preparation, review, and escalation of SARs involving insider activity, in coordination with Compliance and AML partners
• Identify trends and systemic control gaps contributing to insider fraud risk

Cross Functional Collaboration

• Act as a trusted partner to:

o Human Resources & Employee Relations

o Legal & Privacy

o Compliance & Risk Management

o Fraud Risk Management / AML

o Audit and Regulatory Affairs

• Support internal audits, regulatory exams, and management responses related to insider threat, employee investigations, and SAR governance

People Management

• Lead and develop a team of insider threat analysts and investigators
• Set priorities, manage workload, and ensure staff are trained on investigative, technical, legal, and SAR related requirements
• Foster a culture of confidentiality, professionalism, and risk awareness

Reporting & Governance

• Produce executive level metrics, dashboards, and briefings for senior leadership
• Maintain insider threat KPIs and trend analysis
• Contribute to policy development and updates related to employee monitoring, investigations, and insider related SAR processes, * Manages multiple teams focused on maintaining confidentiality, integrity, and availability of data, systems, and networks.
• Responsible for management and oversight of applicable security technology products for network, systems and data.
• Develops, implements and enhances policies and procedures to improve the operation and effectiveness of the organization.
• Provides technical and professional advice or knowledge regarding various administrative areas of responsibility.
• Oversees and manages administrative staff. Provides professional and personal growth and development to individuals as appropriate.

PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:

• Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.
• Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.

PNC also has fundamental expectations of our people managers. As a manager of talent in PNC, you will be expected to:

• Include Intentionally - Cultivates diverse teams and inclusive workplaces to expand thinking.
• Live the Values - Role models our values with transparency and courage.
• Enable Change - Takes action to drive change and innovation that will transform our business.
• Achieve Results - Takes personal ownership to deliver results. Empowers and trusts others in decision making.
• Develop the Best - Raises the bar with every talent decision and guides the achievement of all employees and customers.

Required

• Bachelor's degree in Cybersecurity, Information Systems, Forensics, Criminal Justice, or equivalent experience
• 7+ years of experience in:

o Cybersecurity, threat intelligence, insider threat, fraud investigations, digital forensics, or financial crime investigations

• 3+ years of people management or program leadership experience
• Demonstrated experience leading internal investigations involving employees, including insider fraud
• Experience supporting or participating in Suspicious Activity Report (SAR) evaluations, filings, or narratives related to insider activity or fraud

Strong understanding of

o Insider threat methodologies and frameworks

o User behavior analytics and security telemetry

o Fraud schemes involving internal access

• Proven ability to navigate sensitive matters with discretion, sound judgment, and regulatory awareness

Preferred

• Experience in financial services or other highly regulated environments
• Familiarity with AML, SAR regulatory requirements, employment law, privacy considerations, and regulatory expectations
• Certifications such as:

o CISSP, CISM, GCIA, GCED, CFE, or similar

• Experience working with HR, Legal, Compliance, and AML functions on employee investigations
• Exposure to LLM/AI chatbot abuse or emerging insider risk vectors, * Strong investigative and analytical skills
• Executive communication and briefing capability
• Ability to balance security, privacy, employee trust, and regulatory obligations
• Sound decision making under sensitive circumstances
• Leadership, influence, and cross organizational collaboration, Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and required certifications/licensures needed to be successful in this position.

Preferred Skills

Access Control (AC), Building Architecture, Customer Solutions, Disaster Recovery Planning, Information Security, Network Security, Physical Security, Risk Assessments, Security Technologies

Competencies

Information Assurance, Information Security Audits, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, Knowledge of Organization, Planning: Tactical, Strategic

Work Experience

Roles at this level typically require a university / college degree. Higher level education such as a Masters degree, PhD, or certifications is desirable. Industry-relevant experience is typically 8+ years. At least 5 years of prior management experience is typically required. Proven leadership experience with a moderate to large scope of responsibility is required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Education

Bachelors

PNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.

In addition, PNC generally provides the following paid time off, depending on your eligibility: maternity and/or parental leave; up to 11 paid holidays each year; 9 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.

To learn more about these and other programs, including benefits for full time and part-time employees, visit pncthrive.com .