Incident Response, Lead
About The Position
NOTE: This role carries 24/7 on-call rotation responsibilities and active incident command expectations during major and critical events. The Incident Response Lead works with IT stakeholders across Cook Children's Health Care System to develop policies, procedures, and risk management activities that efficiently contain and minimize the impact of business interruption due to disasters or information system unavailability. This role performs risk and triage analysis to develop incident response plans and runbooks for the most likely and highest-impact events affecting the organization. The Lead also assists IT and business stakeholders in testing response plans through downtime scenarios, tabletop exercises, and other readiness activities.
Requirements
- BS/BA degree in Information Technology, Business Administration, Risk Management or a related field required. In lieu of the BS/BA degree, may accept a high school diploma and 7 years of experience.
- 4+ years' experience in incident response management or a related field required.
- Strong knowledge of industry standards and frameworks such as ISO 22301 or NIST SP 800-34.
- Strong understanding of project management principles and data technologies, expert level knowledge of IT Service Management principles, best practices and frameworks such as ITIL.
- Expert-level knowledge of IT Service Management principles, frameworks, and best practices (ITIL) preferred
- Expert-level ServiceNow experience — incident workflows, ticket quality, auditing, and reporting preferred
- Proven ability to lead live incident response under pressure
- On-call availability; experience in 24/7 rotation environments
- Strong understanding of project management principles and data technologies preferred
Nice To Haves
- Experience in healthcare IT environments
- ITIL 4 Foundation certification or higher
- Hands-on experience building or facilitating DR tabletop exercises
- Experience building or auditing runbook libraries
- Familiarity with clinical system availability requirements
- Strong executive communication and reporting skills
Responsibilities
- Assume incident command for major and critical events
- Coordinate IS leadership, business stakeholders, and technical resolvers in real time
- Draft impact statements and maintain incident timelines
- Manage communication cadence through resolution
- Enforce ticket discipline during incidents — accuracy, work note quality, and Post Incident Review resolution documentation standards within ServiceNow
- Evaluate incident ticket integrity: classification accuracy, impact/urgency, scoring, resolution notes, and root cause documentation
- Build and maintain auditing processes to ensure data quality across the incident lifecycle
- Monitor SLA compliance and workflow adherence
- Extract trend data and produce dashboards and reports for leadership
- Enforce incident workflow standards and drive corrective action where gaps exist
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
