TC-CS-Cyber Detection and Response-Incident Response-Manager

Bengaluru, KA, IN, 560048

EY

With our four integrated service lines (audit and audit-related services, tax advisory, management consulting, and Strategy and Transactions) and our industry knowledge, we help our clients to...


At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Job Description: Incident Response Manager

Position Overview: The Incident Response Manager leads the organization's cybersecurity incident response efforts, overseeing the management and resolution of security incidents. This role involves strategic planning, coordination, and execution of Tier 3 incident response services, focusing on application, network, and infrastructure security. The Incident Response Manager collaborates closely with the Cyber Defense lead and other stakeholders to ensure effective incident containment, eradication, and recovery, while maintaining a robust security posture.
 

Key Responsibilities:

  • Leadership and Strategy:
    • Lead and manage the incident response team, including Tier 3 analysts and other cybersecurity personnel, in responding to security incidents.
    • Develop and implement incident response strategies, policies, and procedures in alignment with organizational objectives and industry best practices.
    • Coordinate with the Cyber Defense lead to ensure a cohesive and comprehensive approach to cybersecurity defense.
  • Incident Response Execution:
    • Oversee the execution of Tier 3 security incident response services, addressing application, network, and infrastructure security alert events.
    • Assign containment, eradication, and recovery tasks to the appropriate resource teams, ensuring swift and effective action.
    • Direct response actions on managed hosts where the Security Operations Center (SOC) team has requisite access and permissions, including isolating compromised or infected hosts.
  • Cyberattack Disruption and Mitigation:
    • Lead efforts to disrupt cyberattacks, including the isolation of compromised hosts and implementation of pre-approved containment actions.
    • Ensure that all actions taken are in accordance with documented procedures and permissions.
  • Incident Communication and Clarification:
    • Provide clear communication of incident details, containment, eradication, and recovery recommendations to the cyber defense team and other relevant stakeholders.
    • Participate in cyber defense calls, providing updates and strategic guidance on cybersecurity incidents and defense activities.
  • Quality Assurance and Continuous Improvement:
    • Conduct periodic peer reviews of Tier 2 analyst work to identify trends, assess effectiveness, and recommend areas for improvement.
    • Promote a culture of continuous improvement within the incident response team by fostering knowledge sharing, training, and professional development.
  • Escalation and Reporting:
    • Manage the escalation of critical incidents to senior leadership and other relevant parties, ensuring timely and accurate reporting.
    • Develop and deliver incident reports and presentations to executive management, highlighting incident impact, response actions, and lessons learned.
  • Collaboration and Stakeholder Engagement:
    • Collaborate with cross-functional teams, including IT, legal, compliance, and external partners, to coordinate incident response efforts.
    • Engage with external stakeholders, such as law enforcement and third-party vendors, as necessary during incident investigations.
  • Risk Management and Compliance:
    • Ensure that incident response activities comply with legal, regulatory, and organizational requirements.
    • Lead the assessment and management of risks associated with cybersecurity incidents, developing strategies to mitigate future threats.

 

Qualifications:

  • Extensive experience in cybersecurity, particularly in incident response and threat management, with a strong background in leading teams.
  • In-depth knowledge of application, network, and infrastructure security.
  • Proven ability to manage complex security incidents, including advanced threat detection, containment, and remediation.
  • Strong leadership and communication skills, with experience presenting to executive management and external stakeholders.
  • Proficiency in security technologies, including SIEM systems, IDS/IPS, EDR, and other monitoring and response tools.
  • Familiarity with regulatory requirements and compliance standards related to cybersecurity.
  • Ability to work under pressure and manage multiple high-priority incidents simultaneously.

Additional Information: The Incident Response Manager is a senior-level role critical to the organization's cybersecurity posture. This position requires a strategic thinker with strong leadership skills and the ability to manage a team of cybersecurity professionals in high-stress situations. The Manager must be adept at balancing immediate incident response needs with long-term security improvements and risk management strategies. This role offers an opportunity to make a significant impact on the organization's security resilience and overall risk profile.
 

 

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.


Tags: Compliance Cyber defense EDR IDS Incident response IPS Monitoring Risk management SIEM SOC Strategy Threat detection

Perks/benefits: Career development Team events

Region: Asia/Pacific
Country: India
