Security Incident Response Manager

Overview: My client requires a Security Incident Response Manager to join their Security Services Team. This role involves overseeing the development and implementation of incident response plans, conducting incident response exercises, and managing cybersecurity incidents. The ideal candidate will have a strong technical background in cybersecurity, along with excellent communication, incident management, and leadership skills.

About My Client's IT & Telecom Services: My client's IT & Telecom Services department is responsible for providing IT and telecom services to the holding company and its operating companies. The department ensures a robust IT foundation, supports and develops group systems, manages system integration, sets IT policy and governance standards, and leads information risk activities. Serving approximately 4,000 IT customers and 200 sites across the country, it is one of the most geographically dispersed IT landscapes.

Responsibilities and Duties:

• Develop and Maintain Incident Response Plans:

  • Continuously develop and maintain incident response plans, outlining procedures and protocols for cybersecurity incidents. Identify potential threats, assess risks, and define team roles and responsibilities.

• Conduct Incident Response Exercises:

  • Regularly conduct incident response exercises to test and improve plans. Coordinate with stakeholders, conduct tabletop exercises and simulations, and analyze results to recommend improvements.

• Manage Cybersecurity Incidents:

  • Act as the primary manager during major cybersecurity incidents. Work with the incident response team to contain incidents, mitigate damage, and restore operations. Coordinate with internal and external stakeholders.

• Manage Cybersecurity Events:

  • Serve as the primary liaison with my client's third-party SOC for all cybersecurity events. Identify events that need escalation to incidents and manage them to closure.

• Continuously Improve Incident Response Capabilities:

  • Stay updated with emerging threats, technologies, and best practices to improve incident response capabilities. Conduct research, attend conferences, and collaborate with cybersecurity professionals.

• Support the Security Service Function:

  • Assist and support the broader Technology & Security Service function as a cybersecurity subject matter expert.

Work Relationships:

• Reporting to:

  • Security Services Manager

• Internal:

  • Constituent sections of the IT & Telecom Services department, including Technology Development, Managed Services, Service Delivery, and Security Services.
  • Wider IT & Telecom Services team.
  • Business teams.

• Within Operating Companies:

  • IT Managers
  • Business teams

• External:

  • Third-party Suppliers & Vendors

Experience and Competencies:

• Experience in leading an Incident Response function within a large organization.
• Strong understanding of IT security risks, processes, and services.
• Familiarity with the NIST framework.
• Ability to deliver services under high demand and pressure.
• Excellent communication skills with the ability to clearly communicate with business and IT users.
• Strong reporting, documentation, and presentation skills.
• Ability to work independently and within a team.
• Strong interpersonal skills.

Qualifications and Certifications:

• Bachelor's Degree in IT, Computer Science, Cybersecurity, or a related field.
• Experience working with third-party vendors, including MSP & SOC.
• 5+ years of experience in cybersecurity or incident response.
• Strong technical background in cybersecurity, including intrusion detection, malware analysis, and vulnerability assessment.
• Experience in developing and implementing incident response plans.
• Excellent communication, project management, and leadership skills.
• Relevant certifications such as CISSP, CISM, or GIAC are highly desired.
• ITIL certification is desirable.

This role demands a proactive approach, technical expertise, and strong collaborative skills to maintain and enhance the security posture of my client.