Director, Digital Forensics and Incident Response

Director DFIR (Digital Forensics and Incident Response)

About TMHCC

Tokio Marine HCC (TMHCC) brings 50 years of service to the specialty insurance industry, today offering over 100 products to commercial customers in 180 countries around the world.  Every policy we write is special, enabling our clients to do amazing things. From insuring the crops that feed us to the rock concerts that entertain us, to rescuing international travelers in trouble.

Organic growth and over 60 successful acquisitions have grown our 2023 Gross Written Premium (GWP) to over $7.5 Billion. Our workforce has grown to 4,300 worldwide … big, but not so big that you cannot make a difference. Our Good Company values, including integrity, empowerment, and commitment to customer service, and a culture of innovation, communication, and collaboration make TMHCC a great place to work.

What we offer: 

• Competitive salary and employee benefit package 

• Strong learning culture 

• Growth perspectives 

• 6% 401K match 

• 20 days of PTO and 2 Floating Days 

• Paid parental leave

• An opportunity to love what you do

About the role:

Shape the future of TMHCC-CPLG by creating and inspiring a team of DFIR specialists, driving excellence in digital forensics, incident response, and threat mitigation for TMHCC-CPLG insureds. Ultimately, develop and implement strategic initiatives to continue to enhance the teams DFIR capabilities, ensuring swift and effective response to cyber incidents. Oversee all aspects of digital forensic investigations for insureds, including managing incident response operations, providing expert technical guidance, developing strategic response plans, and ensuring the TMHCC-CPLG stays abreast of emerging cyber threats, while often acting as the primary client contact for incidents. 

Key Responsibilities Intro

Relying on broad experience and judgment, this role is accountable for accomplishing the following responsibilities

Key Responsibilities

• Leadership and Team Management:

• Recruit, develop, and manage a high-performing DFIR team, including technical specialists in areas like malware analysis, Managed Detection and Response, digital evidence collection, extortion negotiations, and recovery. 

• Assign tasks, delegate responsibilities, and provide mentorship to team members. 

• Develop and maintain operating procedures and best practices for DFIR team. 

• Build and maintain insured/carrier relationships.

• Invest in career development and provide mentorship to a team that will grow with time and experience.  

• Foster a culture of innovation, continuous learning, and skill development within the DFIR team. 

• Client Management and Engagement:

• Act as the “Incident Commander” for insureds or their representatives during cyber incidents, providing clear communication, recovery direction, and/or updates on investigation progress. 

• Conduct scoping calls with clients to understand the disruption, develop a roadmap to resolve the cyber security event, and provide initial triage to contain the threat.

• Understand insured needs and tailor strategies to address specific business risks and compliance requirements. 

• Communicate complex cybersecurity concepts internally and externally.

• Build strong insured relationships and maintain trust through effective communication and timely delivery of investigation results. 

• Incident Response Operations:

• Lead incident response activities during cyber security breaches, including initial triage, threat assessment, containment, eradication, and recovery phases. 

• Develop and maintain comprehensive incident response plans aligned with industry best practices. 

• Conduct post-incident analysis to identify root causes and implement preventive measures to mitigate future risks. 

Technical Experience

• Stay informed about emerging cyber threats and technologies, including Tactics Techniques and Procedures and Indicators of Compromise associated with specific cyber crime syndicates. 

• Understand and be aware of changes in technology as it relates to forensic data for review, or forensic techniques available to provide the best combination of speed and accuracy in forensic findings.

• Provide expert technical guidance on digital forensics methodologies, evidence collection, analysis, and reporting. 

• Conduct complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data. 

• Business Development and Strategy:

• Identify new business opportunities and develop strategies to expand the DFIR service offerings. 

• Contribute to the overall cybersecurity strategy, including pricing models, service packages, and marketing initiatives. 

• Collaborate with other security teams within the TMHCC-CPLG to provide holistic cybersecurity solutions to clients. 

Position Knowledge, Skills, and Requirements

• Minimum Bachelor’s degree Cyber security, Computer Science, Information Technology related degree or relevant professional work experience in these  

• 8 -10 Years Former professional experience in leading and managing DFIR team and managing active cybersecurity engagements, including incident response, digital forensics investigations and working with insureds/ clients and legal counsel

• 4 Years Prior people management or team leadership roles

California and New York Residents Only 

For candidates working in person or remotely in the following locations, the reasonable pay range for this specific position is New York, NY & Encino, CA, $172,300 - $230,000 annually and  Mount Kisco, New York, $187,900 - $240,000 annually.   The salary offered for this specific position is based on a number of legitimate, non-discriminatory factors set by the Company. The Company is fully committed to ensuring equal pay opportunities for equal work regardless of color, race, sex, national origin, sexual orientation, gender identity, gender expression, religion, age, veteran status, disability, pregnancy, citizenship status, genetic information, or any other basis protected by federal, state, or local pay equity laws. The salary range is the range THMCC, in good faith, believes is the range of possible compensation for this role at the time of this posting. This range may be modified in the future, and actual compensation may vary from posting based on geographic location, work experience, education, and/or skill level. Even within the pay range, the actual compensation will vary depending on the above factors as well as market and business considerations.” 

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefits package. We are a successful, dynamic organization experiencing rapid growth and are seeking an energetic and confident individual to join our team of professionals. The Tokio Marine HCC Group of Companies are equal opportunity, employers. Please visit www.tmhcc.com for more information about our companies. 

The Company believes in “second chance” employment.  Qualified applicants with arrest or conviction history will be considered regardless of their arrest or conviction history, consistent with local laws such as Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.

You do not need to disclose your criminal history or participate in a background check until a conditional job offer is made to you. After making a conditional offer and running a background check, if the Company is concerned about conviction that is directly related to the job, you will be given the chance to explain the circumstances surrounding the conviction, provide mitigating evidence, or challenge the accuracy of the background report.

This job posting is for Account Assistant, and its material job duties include those listed above.