Head of Cyber Incident Response & Cyber Threat Mitigation Services

Guardian Life Insurance•New York, NY

18h•Hybrid

About The Position

This role is for a collaborative leader of cyber incident response and threat mitigation services. The ideal candidate will possess strong analytical skills, leadership capabilities, and a curiosity for threat reduction. A qualified candidate should be a self-starter with a blend of technical aptitude, knowledge of security attack methodologies (e.g., MITRE), a strong mindset, excellent written and oral communication skills, and the ability to inspire and develop talent. This position requires partnering across the firm to drive identification, containment, investigations, response, and recovery. As part of Guardian, the successful candidate must embody the Guardian operating principles of thinking big & growing, accelerating operational excellence, wowing the consumer, and leading through change with courage.

Requirements

7+ years broad/deep technology experience including public clouds
3+ years of leader experience in a security role, preferably involving incident response
Incident response methodologies and evidence handline
Strong written and oral communication skills
Experience working across functions including business, legal, HR, communications, IT.
Analytical and curious attitude
Knowledge of threat hunting and risk mitigation
Knowledge of NIST CSF, MITRE, and others frameworks, malware analysis concepts, types of attacks and attackers, common vulnerabilities.
Experience with financial services or regulated entities, US privacy regulations.
Ability to think in a structured and creative manner to address cyber incidents
Ability to process cyber threat intelligence and translate into actionable mitigation techniques and strategies.
Ability to lead a diverse high performing team.
Ability to accelerate impact and lead positive cyber security change.
Good knowledge of SIEM tools (Splunk preferred) and logging/monitoring, insider and UBA concepts and application.
BS/MS in relevant experience in cyber security and/or industry related certifications desired
A continuous & lifelong learner.
Must be legally authorized to work in the United States, without the need for employer sponsorship.

Nice To Haves

Public clouds experience
Experience in a security role, preferably involving incident response
Experience with financial services or regulated entities, US privacy regulations.
Splunk preferred

Responsibilities

Lead a team of cyber security incident response and threat mitigation engineering professionals.
Be responsible for planning, design, and operating Guardian’s cyber incident response and cyber threat mitigations operations across the areas.
Run our Corporate Incident Response Team as related to cybersecurity – coordinating actions and responses across teams.
Manage the plans, playbooks, quick reference guides necessary – and out-of-band communication plans.
Engage with 1st line teams to develop muscle memory and ensure containment actions (shutdown authorities are clear).
Coordinate with business continuity/disaster recovery teams to ensure integrated approach to large events.
Be responsible for triaging & leading cyber security incidents advanced from the security operations center.
Manage third-party incident retainers and prepare for any future engagements.
Participate-in / coordinate periodic exercises with third-parties.
Ensure quality of security incident handling and cyber threat mitigation work.
Ensure incidents are appropriately tracked, reported and after-action reports documented.
Ensure metrics are timely and accurate.
Drive our user behavior analytics (UBA) program working with the business to develop and improve appropriate logging monitoring.
Develop standard operating procedures for our 1st line SOC based on threats/observed incidents.
Proactively identify gaps and opportunities in our logging and monitoring processes.
Host monthly incident response calibration/collaboration meetings across HR, physical security, fraud, legal, compliance to collaborate on issues and shared threats and knowledge.
Communicate to various levels of the organization, both written and oral concisely and clearly.
Provide strong technical understanding of security control monitoring process at different layers.
Identify (and champion where applicable) risk mitigation.
Collaborate with other leaders across cybersecurity to help define and complete cybersecurity strategy, financial, vendor and talent management.
Contribute to the enterprise organizational Data Loss Prevention program.
Lead, manage, guide, and mentor the staff on a regular basis, including selection/retention, goal setting, annual reviews, and compensation planning and career development.
Provide recommendations to management & leadership team to increase effectiveness of security technology solutions to mitigate cyber threats and handle incidents.
Respond to and assist with due diligence and internal / external security audit requests.
Identify and act on opportunities to further enhance and refine security incident handling & cyber threat mitigation processes & capabilities.