Who is responsible for establishing and executing the facility's insider threat program?

The key responsibility here is establishing and executing the insider threat program. The Insider Threat Program Senior Official is designated to lead this effort, providing policy direction, governance, and day-to-day management. This role ensures the program is integrated with the facility’s security posture, coordinates across HR, IT, legal, and security teams, and oversees training, monitoring, risk assessment, and incident response. They report to senior leadership and maintain accountability for the program’s effectiveness. The Facility Security Officer focuses on physical security operations and access control, not the overarching insider threat program. The Security Architect designs security systems and controls, not the program’s leadership or execution. The Program Manager may oversee project activities, but the ultimate responsibility for the insider threat program lies with the ITPSO.