Incident Response, Lead
About The Position
The Incident Response Lead works with IT stakeholders across Cook Children's Health Care System to develop policies, procedures, and risk management activities that efficiently contain and minimize the impact of business interruption due to disasters or information system unavailability. This role performs risk and triage analysis to develop incident response plans and runbooks for the most likely and highest-impact events affecting the organization. The Lead also assists IT and business stakeholders in testing response plans through downtime scenarios, tabletop exercises, and other readiness activities. This position carries 24/7 on-call rotation responsibilities and active incident command expectations during major and critical events.
Requirements
- BS/BA degree in Information Technology, Business Administration, Risk Management or a related field required. In lieu of the BS/BA degree, may accept a high school diploma and 7 years of experience.
- 4+ years' experience in incident response management or a related field required.
- Strong knowledge of industry standards and frameworks such as ISO 22301 or NIST SP 800-34.
- Strong understanding of project management principles and data technologies.
- Expert level knowledge of IT Service Management principles, best practices and frameworks such as ITIL.
- On-call availability; experience in 24/7 rotation environments
Nice To Haves
- Expert-level ServiceNow experience — incident workflows, ticket quality, auditing, and reporting preferred
- Proven ability to lead live incident response under pressure
- Experience in healthcare IT environments
- ITIL 4 Foundation certification or higher
- Hands-on experience building or facilitating DR tabletop exercises
- Experience building or auditing runbook libraries
- Familiarity with clinical system availability requirements
- Strong executive communication and reporting skills
- Strong understanding of project management principles and data technologies preferred
Responsibilities
- Assume incident command for major and critical events
- Coordinate IS leadership, business stakeholders, and technical resolvers in real time
- Draft impact statements and maintain incident timelines
- Manage communication cadence through resolution
- Enforce ticket discipline during incidents — accuracy, work note quality, and Post Incident Review resolution documentation standards within ServiceNow
- Evaluate incident ticket integrity: classification accuracy, impact/urgency, scoring, resolution notes, and root cause documentation
- Build and maintain auditing processes to ensure data quality across the incident lifecycle
- Monitor SLA compliance and workflow adherence
- Extract trend data and produce dashboards and reports for leadership
- Enforce incident workflow standards and drive corrective action where gaps exist
Benefits
- Equal employment opportunities without regard to race, color, religion, sex, age, national origin, physical or mental disability, pregnancy, protected veteran status, genetic information, or any other protected class in accordance with applicable federal laws.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
