
Rush University Medical Center posted 5 months ago
Full-time • Mid Level
Chicago, IL
Hospitals

About the position

The Incident Response Manager at Rush University Medical Center is responsible for leading the incident response team to detect, respond to, and mitigate cybersecurity incidents. This role involves managing the incident response process, developing and implementing incident response plans, conducting risk assessments, and collaborating with various stakeholders to enhance the organization's cybersecurity posture.

Responsibilities

  • Manage and lead a team of incident responders in promptly identifying, investigating, and resolving cybersecurity incidents.
  • Lead and coordinate security incident response activities and workstreams as the incident response manager (IRM).
  • Analyze and investigate a broad range of threats or activities, maintaining a high level of confidentiality and documenting incident details accordingly.
  • Make decisions and recommendations based on the results of incident analysis and communicate to appropriate stakeholders, including insights to help identify, prevent, detect, and respond to anomalous or potentially malicious activity.
  • Develop, document, and implement strategies, runbooks, capabilities, and techniques for incident response. Design and implement effective incident response plans and procedures tailored to the organization's needs and compliance requirements.
  • Work cross-functionally with various teams across the environment to build solutions for analyzing security events data at scale and protecting RUSH's networks, systems, and data from threats.
  • Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders.
  • Continuously improve security processes and response capabilities by building relationships with key stakeholders and collaborating with IT and non-IT teams across the environment.
  • Coordinate incident response activities with internal teams and external partners/vendors to ensure effective incident resolution and communication.
  • Conduct post-incident analysis, document findings, and provide detailed reports to management and stakeholders. Recommend and implement improvements to incident response processes based on analysis.
  • Develop and conduct training sessions, tabletop exercises, and simulations to enhance the organization's incident response preparedness.
  • Stay informed about the latest cybersecurity threats, vulnerabilities, and industry best practices. Integrate threat intelligence into incident response processes.
  • Ensure incident response activities comply with relevant regulations, standards, and policies (e.g., GDPR, HIPAA, PCI DSS).
  • Mentor and develop other teammates, championing quality standards within the team.

Requirements

  • 5+ years of experience leading Security Incident Response.
  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Strong understanding of incident response methodologies (e.g., NIST, SANS) and cybersecurity frameworks.
  • Proficiency in using incident response tools and technologies, such as SIEM, EDR, and forensic investigation tools.
  • Relevant certifications such as GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), or similar certifications are preferred.
  • Expert knowledge of Python and PowerShell and familiarity with other programming languages.
  • Existing experience with log analysis (e.g., first- or third-party application logs, system/data access logs, event logs), network security, digital forensics, and incident response investigations.
  • Hands-on experience analyzing and responding to security events, such as conducting log analysis, developing queries and analytics, troubleshooting security issues, and correlating complex data sets.
  • Proficiency in developing and using novel analytical methods to automate response processes.
  • Ability to identify trends, insights, and relationships between internal and external data and intelligence sources to make risk mitigation recommendations.
  • Excellent communication and interpersonal skills, with the ability to effectively communicate technical information to non-technical stakeholders.
  • Strong analytical and problem-solving skills, with attention to detail.
  • Ability to work under pressure and respond effectively to incidents in a fast-paced environment.

Nice-to-haves

  • Broad knowledge and experience across the information security domain, including familiarity with endpoint, email, network, identity management, cloud security, vulnerability management, incident response, and threat intelligence.
  • Cloud Security certification.

Benefits

  • Health insurance
  • 401k retirement plan
  • Paid holidays
  • Professional development opportunities
  • Flexible scheduling
© 2024 Teal Labs, Inc