Incident Response Lead

The Area:

The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Role:

We are seeking a highly skilled and experienced Cyber Security Incident Responder to join our global team. As the Incident Response Lead, you will be responsible for leading our response to cyber security incidents, coordinating efforts across various teams, and ensuring effective communication and resolution of incidents. This role requires a strategic thinker with strong leadership and technical skills, capable of making quick and informed decisions in high-pressure situations.

This position is based in our Chicago office. We follow a hybrid policy of 3 days onsite and 2 days remote work.

Responsibilities:

• Serve as the primary point of contact and decision-maker during cyber security incidents.
• Lead and coordinate incident response efforts, including mobilizing resources, assessing the situation, and implementing response plans.
• Collaborate with internal and external stakeholders to gather information, assess impact, and prioritize response actions.
• Provide clear and timely communication to stakeholders, including executive leadership, throughout the incident lifecycle.
• Implement and refine incident response procedures, protocols, and playbooks to enhance effectiveness and efficiency.
• Conduct post-incident reviews to identify lessons learned and areas for improvement.
• Stay abreast of emerging cyber threats, vulnerabilities, and best practices in incident response.
• Collaborate with security engineers to enhance detections and playbook automations.
• Lead tabletop exercises with SOC team members and internal stakeholders.
• Assist with documenting monthly incident reports and conduct post incident reviews with analysts and engineers.

Requirements:

• Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience).
• 5+ years of experience in cyber security, with a focus on incident response and handling.
• Proven experience leading and coordinating incident response efforts in a fast-paced environment.
• Strong technical knowledge of network security, malware analysis, intrusion detection, and related technologies.
• Excellent communication and interpersonal skills, with the ability to interact effectively with stakeholders at all levels.
• Relevant certifications such as the GIAC Incident Handler (GCIH) are preferred.
• Ability to remain calm and focused under pressure, with a commitment to delivering results.

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.