Cyber Incident Manager

Overview

The Salvation Army, an international movement, is an evangelical part of the universal Christian Church. Its message is based on the Bible. Its ministry is motivated by the love of God. Its mission is to preach the gospel of Jesus Christ and to meet human needs in His name without discrimination.

We are the largest non-governmental provider of social services in America and every year, we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services.

Our Eastern Territorial Headquarters' Information Technology Department has an opening for a Cyber Incident Manager. This position will lead the response to cyber incidents, ensuring they are handled promptly and efficiently to minimize damage and reduce recovery time and costs. They play a pivotal role in coordination with various internal and external stakeholders to manage the incident lifecycle from preparation to post-incident review through identification, containment, eradication, recovery, and lessons learned. This position is integral to the cybersecurity framework, serving as the frontline defense against incidents that can compromise sensitive data, disrupt business operations, and damage the organization's reputation. The Cyber Incident Manager is not just a technical role. The role is a strategic position that requires a blend of technical acumen, leadership skills, and business understanding to appropriately address incidents while maintaining customer engagement. This individual is critical in ensuring the organization's resilience against ever-evolving cyber threats.

This position requires approximately 35 hours of work per week and is eligible for a hybrid work arrangement (3 days onsite/ 2 days remote) after three months of employment.

Responsibilities

• Incident Leadership: The Cyber Incident Manager is responsible for taking command during cybersecurity events, orchestrating response efforts, and promptly addressing incidents. This involves quick decision-making, prioritizing tasks, and directing response teams effectively.
• Strategic Planning and Preparedness: Beyond reactive measures, this role demands proactive planning and preparedness. This includes developing, maintaining, and regularly updating incident response plans, ensuring the organization is equipped to handle various cyber incidents. It also involves conducting risk assessments and scenario planning (tabletop exercises) to anticipate potential threats and vulnerabilities.
• Coordination and Collaboration: The position requires extensive coordination with various internal departments (e.g., IT, Legal, HR, and public relations) and external entities (such as law enforcement, cybersecurity firms, and regulatory bodies). This coordination is crucial for a holistic approach to incident management, encompassing technical response, legal compliance, internal and external communications, and post-incident recovery.
• Technical Expertise and Analysis: The Cyber Incident Manager should deeply understand the cyber threat landscape, including the latest trends in cyber-attacks and defense strategies. They are expected to analyze incident patterns and weaknesses, offering insights that drive improvements in the organization’s cybersecurity posture.
• Stakeholder Engagement: Effective communication with stakeholders, including executive leadership, is a key aspect of this role. The Cyber Incident Manager must be able to translate complex technical incidents into understandable terms, advising on the impact, necessary actions, and implications for the business.
• Continuous Improvement and Learning: Post-incident analysis is a critical function. Learning from incidents to improve systems, processes, and training is essential. This role involves regularly reviewing and refining incident response strategies, staying informed about new technologies and methodologies in cybersecurity, and integrating these into the organization’s practices.
• Regulatory Compliance and Documentation: Ensuring that incident response activities adhere to legal and regulatory requirements is paramount. The Cyber Incident Manager maintains comprehensive records of incidents, responses, and outcomes for compliance purposes, audits, and continuous improvement.
• Risk Mitigation: By effectively managing cyber incidents, this role directly contributes to reducing the risk and impact of cyber threats on the organization.
• Operational Continuity: Ensuring rapid and efficient response to incidents minimizes downtime and maintains business operations, which is crucial for the organization’s success and reputation.
• Compliance and Trust: Adherence to compliance standards and effective incident handling enhances the organization's credibility and trust among clients, partners, and regulatory bodies.

Qualifications

• Bachelor's degree from four-year college or university.
• 3-5 years of related experience.
• Technical Skills: • Digital Forensics & Incident Response (DFIR)• Security Information and Event Management (SIEM) (e.g., Splunk, Sentinel, QRadar)• Intrusion Detection/Prevention Systems (IDS/IPS)• Endpoint Detection & Response (EDR) (e.g., CrowdStrike, Darktrace, SentinelOne)• Network Traffic Analysis & Packet Capture (Wireshark, etc.)• Malware Analysis & Reverse Engineering (basic to intermediate)• Log Correlation and Threat Hunting• Firewall, Proxy, and IDS Log Analysis (e.g., Fortinet, Meraki)• Threat Intelligence Integration and Analysis• Email Header and Phishing Analysis• Security Orchestration, Automation, and Response (SOAR) platforms (e.g., Palo Alto XSOAR, Swimlane)• Forensics Tools: EnCase, FTK, Autopsy, Volatility• Threat Intel Platforms: Recorded Future, ThreatConnect, MISP• Ticketing Systems: ZenDesk, ServiceNow, Jira, Remedy
• Framework Proficiency: • Incident Response Lifecycle (NIST SP 800-61, PICERL model)• Knowledge of MITRE ATT&CK Framework• Vulnerability Management & Prioritization• Disaster Recovery & Business Continuity Planning (e.g., DR/BC, BIA)• Risk Assessment & Gap Analysis• Change Control and Root Cause Analysis (RCA)
• Regulatory, Compliance, and Privacy Awareness: • HIPAA, PCI-DSS, NY SHIELD, GDPR, CCPA, CJIS, etc.• SOX ITGC Controls and Audit Support• Cyber Insurance (CLI) & Legal Considerations in Breach Response• Chain of Custody and Evidence Handling
• Leadership and Management Skills: • Relevant certifications (e.g., CISSP, CISM, GCIH, GCFA, CRISC).• Collaboration: Confluence, MS Teams, Slack, Monday.com, Telegram (war room coordination)• Strong leadership and decision-making.• Excellent communication and interpersonal skills.• Deep understanding of cybersecurity frameworks and standards.• Ability to work under pressure and handle crises effectively.

What We Offer

• Generous Medical, Dental, Vision Benefits
• TSA paid Life Insurance for Employees
• Additional life insurance options for employees
• On-site cafeteria
• Paid Time Off – Vacation, Sick, Personal day
• 403(b) retirement savings plan
• Non-contributory Pension Plan
• Professional Development
• Free, on-site Fitness Center
• Federal holidays
• Opportunities to give back and support our communities 

All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, disability or protected veteran status.