IT Security Manager (Incident Management)

Location - Hybrid Waltham, MA

Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity, and reduce time to market for products and applications.

We have an amazing opportunity for an IT Security Manager (Incident Management), available within our Global Business Services division! The IT Security Manager (Incident Management) will be responsible for monitoring and response to all emerging security incidents to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets.

As the IT Security Manager (Incident Management), you will lead information gathering efforts during investigation into suspected and confirmed security incidents to protect personal and confidential information at WK. In this role, you will be required to demonstrate proficiency in incident analysis, data gathering and information synthesis in every area of IT security management. Your role will also include interfacing with and responding to internal business unit IT representatives and stakeholders at all levels during emerging security incidents, real or simulated. 
 
 Responsibilities:

•    Primarily responsible for the response to and recovery from emerging information security incidents, acting as the focal point leading response efforts and ensuring effective action to contain and remediate the situation
•    Respond to cybersecurity incidents and perform triage to assess the severity of the incident and determine the appropriate response.
•    Conduct open-source intelligence (OSINT) investigations to identify and track down malicious actors and their tactics, techniques, and procedures (TTPs).
•    Participate in red team/blue team exercises to test and improve the organization's incident response capabilities.
•    Collaborate with other members of the cybersecurity team to develop and implement security controls and incident response procedures.
•    Provide technical guidance and support to junior incident responders as needed.
•    Maintain up-to-date knowledge of the latest security threats and trends through continuous learning and professional development.
•    Perform forensically sound collections of ESI from laptops, desktops, mobile devices, hard drives, servers and cloud data sources both onsite and remotely.
•    Verify, extract and analyze systems, logs and malware data in support of investigations and litigation systems
•    Drive efficient, repeatable, proactive, integrated, and mature cyber defense and response
•    Supports the investigation of reported security breaches and, in coordination with WK global security operations, develop procedures to respond to security incidents and assist with investigations
•    Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner.
•    Responsible for establishing communications bridges and meetings in support of response efforts
•    Responsible for maintaining proper group focus during investigation activities and redirecting efforts in support of timely recovery
•    Responsible for aggregating information relevant to the situation and synthesizing probable root cause 
•    Responsible for developing and recommending best course of action based on solid security principles
•    Driving the incident response process from detection through containment and eradication.
•    Accountable for documenting all WK and partner activity, taken in response to emerging situations
•    Accountable for the day-to-day review and assessment of security events that may become or contribute to security incidents.
•    Ensures work is compliant with WK enterprise policies, procedures and the local business plan
•    Responsible for ensuring appropriate post-mortem and lessons-learned sessions are conducted, following incident restoration of service
•    Responsible for organizing and taking part in cross-functional incident exercise activities, ensuring that policy and procedure are followed
•    Responsible for ensuring knowledge of IT security and emerging threat scenarios is current
•    Responsible for reviewing threat intelligence sources is support of WK security situational awareness
•    Responsible for assisting in the development of vulnerability and threat related communications for potential dissemination to warn WK employees of an emerging situation
•    Responsible for ensuring information arising from incident response activities, that would result in configuration changes or other modifications to ensure WK security posture, is communicated to the proper operational contacts for execution.
OTHER DUTIES

Performs other duties as assigned by supervisor

Qualifications

• Bachelor's Degree in Computer Science/MIS or equivalent experience
• 7+ years in Information Technology
• 3+ years in an information security function, including risk management and privacy practices
• 2+ years in an information security incident handling role

Technical Skills:

• Strong understanding of network protocols and security technologies (firewalls, IDS, encryption)
• Experience with OSINT tools and techniques
• Cloud and physical forensic investigations, delivering executive reports
• Knowledge of red team/blue team exercises
• Incident response frameworks and methodologies with a focus on automation
• Experience with Intel, SIEM, and SOAR platforms (ThreatConnect/MISP, Snowflake/Splunk, Swimlane/DeMisto)
• Expertise with digital forensic toolsets (Encase, AccessData, SIFT, Axiom)
• Flexible working hours to support a global operation

Interpersonal Skills:

• Experience engaging with executive-level individuals during incident response
• Excellent oral and written communication
• Ability to present complex technical issues to diverse audiences
• Diplomacy in working with customers and stakeholders
• Ability to follow policy and procedure
• Teamwork and performance under stress
• Integrity in handling sensitive data
• Self-motivated with strong analytical and problem-solving abilities
• Ability to set and manage priorities judiciously

Additional Technical Skills:

• Knowledge of basic security principles (confidentiality, integrity, availability)
• Understanding of security vulnerabilities and exposures
• Familiarity with Internet protocols and network applications
• Knowledge of network and host/system security issues
• Understanding of malicious code and threat vectors
• Experience with Risk Analysis and Risk Management
• Basic programming and scripting knowledge (advanced knowledge a plus)

Incident Handling Skills:

• Consistent communication and documentation with customers and stakeholders
• Ability to synthesize technical data to identify intruder techniques
• Effective interpersonal communication for quick resolution
• Ability to analyze ongoing situations for potential security incidents
• Maintenance of incident records for recovery, regulatory, and legal requirements
• Familiarity with ITIL service management methodology
• Experience in a 24x7x365 operations environment

Additional Requirements:

• Strong technical skills in security assessments of external service providers
• Experience with GDPR and GDPR compliance implementations
• Knowledge of ISO 27001, NIST 800-53, NIST CSF, and PCI DSS
• Preferred certifications: CISSP, ITIL, GCIH, CERT/CC CSIH, GCTI, GCFR, GCFA, GIME, GCFE
• Multiple language capability desired

Travel Requirements

• Occasional domestic or international travel, up to 25%

Physical Demands

• Ability to travel to the office and support necessary work
• No heavy lifting of equipment required