Wellington Oscar

• Building Insider Risk Program: Developing the Insider Risk Program at the Bank of England by designing policies, detection strategies, and response frameworks to identify patterns of user noncompliance and mitigate insider risks. Developing governance structures, behavioral-based detection models, and escalation procedures to enhance visibility into insider activities

• Technology Implementation: Leveraging hands-on experience with Data Loss Prevention (DLP), User and Entity Behavior Analytics (UEBA), Security Information and Event Management (SIEM) tools (Splunk ES), and other platforms like ProofPoint, Mimecast, and Microsoft Purview to proactively identify insider threats and anomalous behaviors. Conducting ongoing evaluations of security tools, maintaining strong vendor relationship and service review

• Cross-Functional Collaboration: Collaborating with HR, Legal, Privacy, Compliance, Security Engineering, Security Architecture, and cyber incident response teams to ensure alignment of insider threat and data protection processes with organizational policies and regulatory requirements. Partnering with the Investigation team to support detailed staff investigations, providing technical insights to enhance detection accuracy

• Knowledge Sharing and Reporting: Developing and launching knowledge bases on Confluence, Jira and EazyBI, improving team documentation, collaboration, and knowledge sharing. Creating management information reports and key performance metrics to track referrals and monitor team effectiveness

• Evaluated, implemented, tested, and deployed different security solutions

• Built and fine-tuned detection rules in Elastic Security (Kibana, Beats, Logstash) to improve threat detection, reduce false positives, and improve threat coverage

• Tuned and managed Sysmon configurations to enhance endpoint visibility and detect process injection, credential dumping, and lateral movement

• Hunting, detecting, and responding to phishing attacks using a variety of techniques such as monitoring digital assets and OSINT techniques. Identifying and taking down malicious websites

• Analysed malicious emails directed to Wise customers and Wise employees, including Header information, URLs, attachment analysis using different sandboxes

• Investigated and responded to security alerts from tools (i.e. Microsoft Defender, AWS GuardDuty)

• Identifying TTPs (MITRE ATT&CK framework) and refining detection logic to improve response times.

• Developed custom queries and dashboards to track anomalous processes, suspicious network activity, and potential data exfiltration

• Educated Wise customers and Wise employees regarding proper security practices

• Strong support to compliance teams

• Provided assistance with task automation through the use of Python scripts

• Assisted in regulatory audits, risk assessments, and security governance initiatives

• Collaborated with data scientists to refine fraud detection by suggesting static rule implementations, enhancing machine learning models, and leveraging data to identify emerging fraud trends. Detected illegal activities and reported findings to the AML department through Suspicious Activity Reports (SARs) to strengthen financial crime prevention efforts