Pay Transparency Statement:
The compensation philosophy reflects the Company's reasonable expectation at the time of posting. We consider a number of factors when making individual compensation decisions including, but not limited to, skill sets, experience and training, and other business needs. This role may also be eligible to participate in a discretionary incentive program, subject to the rule governing the program.
Position Summary:
As the Global Incident Response Manager, you will lead the Global Incident Response (IR) team and cross-functional teams, responding to and neutralizing threats that pose a risk to the business. You will coordinate all cross-team collaboration and documentation, create and maintain relevant KPIs, and develop runbooks/playbooks related to IR. You will work closely with the SOC/SIEM Managed Security Services Provider (MSSP) and internal service partners, striving for continuous improvement.
Position Responsibilities may include, but are not limited to:
- Manage the IR team and MSSP personnel supporting IR functions, overseeing recruitment, training, and retention
- Respond to incidents, ensuring correct procedures and playbooks are followed to handle incidents, mitigate risk to business operations, and coordinate actions and communications with both technical and business stakeholders
- Utilize data from Threat Intelligence, Threat Hunting, Vulnerability Management, SOC, and Red Team to address security issues and enhance detection and response times
- Oversee all people-management activities for direct reports, including establishing goals and providing mentorship for team members
- Build and maintain relationships with key stakeholders, suppliers, IT, and other departments to support security initiatives
- Design and engineer processes, procedures, and work instructions for all tasks related to IR and forensics
- Drive IR continuous improvement through KPIs, operational metrics, high-quality reports to technical and executive audiences, and tabletop exercises
- Review and update the Cyber Security Incident Response Plan (CSIRP) annually and on an as-needed basis
- Advise on and approve tuning recommendations within security products to reduce the number of false positives and false negatives
- Participate in developing Purple Team activities to facilitate team and individual skill improvement, as well as improve security controls