Organisational Insider Risk Analyst
The Organisational Insider Risk Analyst is an advanced specialist credential for practitioners who apply structured behavioural frameworks to the identification, analysis, and management of insider risk within organisational contexts. OIRA is offered at Level II (Specialist) only, reflecting the substantive professional experience required to practise competently in this domain.
Candidates are required to demonstrate substantive professional experience in security risk, HR risk, or closely related functions, and must meet the documented eligibility criteria before examination. OIRA credentials are professional development qualifications and do not confer government authority of any kind.
Credential Overview
Insider risk — the risk posed to an organisation by individuals with legitimate access, whether through malicious intent, negligence, or external compromise — is a recognised and substantive challenge for organisations across sectors. OIRA addresses the professional competency required to apply structured behavioural frameworks to this challenge systematically, ethically, and within an evidence-informed methodology.
The OIRA is not a credential in surveillance, counterintelligence, or security investigations of government personnel. It addresses private sector and organisational insider risk management: the analysis of behavioural indicators within a structured multi-disciplinary programme, the design and governance of insider risk frameworks, and the ethical and legal responsibilities of practitioners who undertake this function.
OIRA is positioned as an advanced credential reflecting the seniority of practitioners who typically lead or advise on insider risk programmes. The Level II minimum is a floor, not a ceiling: OIRA candidates are generally experienced security managers, HR risk professionals, or corporate intelligence practitioners who bring substantive domain knowledge and require a formal credential to represent their behavioural science competency within this specific function.
Candidate Profile
OIRA candidates are typically senior practitioners with existing professional responsibility for security risk, human factors risk, or related organisational risk management functions. The credential provides formal recognition of competency in the behavioural science dimensions of this work.
- Security managers with portfolio responsibility for insider risk, personnel security, or organisational security behaviour
- HR risk professionals leading or contributing to insider risk programmes within people management functions
- Insider threat programme leads responsible for design, governance, and operation of organisational insider risk frameworks
- Corporate intelligence practitioners supporting organisational risk analysis with behavioural assessment components
- Compliance officers with substantive security responsibility in regulated sectors including financial services and critical infrastructure
- Security consultants advising organisations on insider risk programme design and governance
- Risk analysts in organisations implementing formal insider risk management frameworks
OIRA is not appropriate for government intelligence personnel undertaking national security insider threat functions, or for practitioners in law enforcement roles conducting criminal investigations into insider activity under statutory authority. Such practitioners may pursue OIRA as a personal professional development credential subject to meeting the eligibility requirements.
Competency Framework
The OIRA competency framework reflects the specialist nature of the credential. Competencies address both the technical application of behavioural frameworks in insider risk contexts and the governance, ethical, and legal responsibilities of practitioners who operate in this sensitive domain.
Evidence-informed behavioural models applied to insider risk, including understanding of the academic literature on insider threat precursors, the limitations of behavioural prediction, and the appropriate scope of behavioural analysis in organisational settings.
Design, implementation, and governance of organisational insider risk programmes: scope, policy framework, stakeholder engagement, proportionality principles, and integration with broader security and HR functions.
Multi-disciplinary approaches to insider risk assessment: integrating behavioural, technical, and contextual indicators within structured assessment frameworks; team-based assessment processes; and the role of behavioural analysis within broader insider risk evidence.
The ethical and legal responsibilities of insider risk practitioners: privacy and data protection obligations, proportionality, informed policy frameworks, the rights of subjects, and the GIB Code of Ethics as applied to insider risk practice.
The role of organisational culture, management practices, and structural factors in insider risk: understanding the organisational and environmental precursors to insider risk behaviour alongside individual behavioural indicators.
Professional standards for insider risk reporting: communicating findings to senior management and governance bodies; advisory competency in sensitive risk contexts; and standards for documentation that appropriately qualifies the uncertainty in behavioural risk assessments.
Eligibility Requirements
OIRA eligibility reflects the advanced nature of the credential. GIB's Admissions Panel reviews all OIRA eligibility documentation and may request supplementary information where required to confirm eligibility. Eligibility is not assumed from job title alone; documented experience and demonstrated professional development in the domain are assessed.
- Minimum five years of relevant professional experience in a security risk, HR risk, corporate security, compliance, or closely related function
- At least two years of direct or substantive involvement in insider risk, personnel security, or organisational security behaviour as a component of professional responsibilities
- Active GIB credential in a relevant division (CSBA Level II, BAIC Level II, or GIB Division I or II credential), or equivalent prior learning reviewed and approved by the Admissions Panel at its discretion
- Professional development portfolio demonstrating OIRA competency development — portfolio guidance is provided following admissions confirmation
- Professional references from two individuals with direct knowledge of the candidate's insider risk or security risk practice
- Completion of a GIB-approved OIRA preparation programme or documented self-study against the OIRA competency framework
- Agreement to the GIB Code of Ethics and the additional conduct requirements applicable to OIRA credential holders
Candidates who are uncertain about their eligibility are encouraged to contact the GIB Admissions Office for an informal eligibility review before submitting a formal application. GIB does not charge for eligibility reviews at the enquiry stage.
Examination Structure
The OIRA examination is designed to assess applied specialist competency in organisational insider risk through both a formal examination and an assessed professional portfolio. Both components must reach the required standard for the credential to be awarded.
Given the sensitivity of insider risk practice, OIRA examination questions do not require candidates to disclose confidential case information. The portfolio uses structured anonymisation guidance to enable reflective case documentation without disclosure of organisational or individual identifying information. GIB Examination Board members who review OIRA portfolios are subject to confidentiality obligations.
Certification Process
OIRA has a more extended admissions and preparation pathway than entry-level credentials, reflecting the advanced nature of the examination and the portfolio requirements. Most candidates spend 8–14 months from initial enquiry to credential award.
Contact GIB Admissions to discuss your background and confirm that you are likely to meet the OIRA eligibility requirements before investing in the formal application process. This informal review is free and does not constitute a formal eligibility determination.
Submit the formal OIRA application including professional references, experience documentation, and evidence of any prerequisite GIB credential or equivalent. The Admissions Panel reviews all documentation and may request additional information. Eligibility decisions are communicated within 15 working days of receipt of complete documentation.
Following eligibility confirmation, candidates receive the OIRA candidate handbook, portfolio guidance, and preparation resources. Portfolio development typically takes 3–6 months alongside professional practice. GIB-approved training organisations offering OIRA programmes provide structured support through this phase.
Submit the completed portfolio to the GIB Examination Board and schedule your examination sitting. Portfolio review and examination scheduling run concurrently. A confirmed examination date will be allocated within the examination cycle following portfolio submission.
Sit the OIRA examination at a GIB-authorised centre. Results, which incorporate both the examination and portfolio assessments, are communicated within 35 days. Successful candidates receive the OIRA credential and are entered in the GIB public registry with the reference format GIB-YYYY-IR-XXXXXX.
Recertification
OIRA credentials are valid for two years. Recertification reflects the expectation that insider risk is a developing field and that practitioners maintain current knowledge of the evidence base and legal frameworks applicable to their practice.
- Completion of the GIB CPD log demonstrating relevant professional development including engagement with current insider risk research and legal developments over the credential period
- Recertification declaration confirming continued active practice in an insider risk or closely related role and continued compliance with the GIB Code of Ethics
- Submission of a brief reflective practice summary (OIRA-specific requirement, guidance provided at credential award)
- Payment of the applicable OIRA recertification fee