Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Digital Forensics & Incident Response (DFIR) Manager

$107k - $214.5k

RSM US LLP

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM.

The RSM Cyber Response team leads organizations through some of their most consequential cyber events. The DFIR Manager serves as both incident commander and engagement leader, overseeing multiple complex matters while aligning technical, legal, executive, and insurance workstreams.

This role requires strong incident command authority, deep ransomware experience, and the ability to guide cross-functional response efforts at the executive level. Managers maintain oversight across engagements, provide escalation guidance to Supervisors, and ensure investigative quality, consistency, and defensibility across the practice.

The DFIR Manager is accountable not only for technical excellence, but also for engagement delivery, stakeholder alignment, and operational leadership during crisis response.

Responsibilities:

  • Serve as incident commander during high-severity events, particularly ransomware and enterprise-scale breaches.
  • Oversee multiple concurrent engagements, ensuring quality, consistency, and appropriate resource allocation.
  • Define investigative strategy and escalation thresholds for complex incidents.
  • Align technical response with legal, regulatory, insurance, and executive considerations.
  • Review and approve investigative findings, containment validation, and executive reporting.
  • Act as senior advisor to client executives, legal counsel, and cyber insurers.
  • Provide guidance to Supervisors on advanced investigative decisions and complex threat actor scenarios.
  • Maintain executive-level communication cadence during incidents.
  • Support development of standardized methodologies, playbooks, and quality controls across the practice.
  • Mentor Supervisors and Consultants in both technical depth and client leadership.
  • Participate in on-call rotation and provide oversight during critical incidents.

Preferred Qualifications:

Expertise in all areas is not required; however, candidates should demonstrate strong foundational knowledge and a willingness to continuously learn and expand their capabilities.

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience.
  • Proven experience leading enterprise-scale ransomware and breach investigations.
  • Deep understanding of:
    • Threat actor operations and ransomware tradecraft
    • Identity compromise and domain-level persistence
    • Cloud and hybrid environment incident response
    • Data exfiltration risk assessment and reporting
  • Strong hands-on familiarity with EDR platforms, SIEM technologies, and forensic toolsets.
  • Demonstrated ability to manage multiple high-pressure engagements simultaneously.
  • Experience coordinating with legal counsel, cyber insurance carriers, and executive leadership.
  • Strong executive presence and crisis communication ability.
  • Experience mentoring and developing DFIR leaders.
  • Certifications such as GCFA, GCIH, CISSP, OSCP, or equivalent preferred.
  • Willingness to participate in on-call rotation.

At RSM, we offer a competitive benefits and compensation package for all our people.We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients.Learn more about our total rewards at

All applicants will receive consideration for employment as RSM does not tolerate discrimination and/or harassment based on race; color; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender; sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the US uniformed service; US Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable federal, state or local law.

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership.RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at View phone number on click.appcast.io or send us an email at View email address on click.appcast.io.

RSM does not intend to hire entry level candidates who will require sponsorship now OR in the future (i.e. F-1 visa holders). If you are a recent U.S. college / university graduate possessing 1-2 years of progressive and relevant work experience in a same or similar role to the one for which you are applying, excluding internships, you may be eligible for hire as an experienced associate.

RSM will consider for employment qualified applicants with arrest or conviction records. For those living in California or applying to a position in California, please click here for additional information.

At RSM, an employee's pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.

Compensation Range: $107,000 - $214,500

Individualsselected for this role will be eligible for a discretionary bonus based on firm and individual performance.

Vacancy posted 20 hours ago
Similar jobs that could be interesting for youBased on the Digital Forensics & Incident Response (DFIR) Manager in Chicago, IL vacancy
  • $70.35k - $205.8k

     ...Cyber Investigation and Forensic Response (CIFR) practice is at...  ...consequential cyber incidents. We deliver around-...  ...have deep expertise in Digital Forensics, Incident...  ..., Incident Response (DFIR) experience with demonstrated...  ...patterns Project management, analytical, and... 
    Digital
    Work experience placement
    Live in
    Work at office
    Local area

    Accenture

    Chicago, IL
    2 days ago
  •  ...Overview A leading tech-enabled digital intelligence, investigation, and risk advisory firm is looking to appoint a Senior Associate, Digital Forensics and Incident Response (DFIR). The firm is seeking a dynamic new team member to help grow its Digital Forensics... 
    Digital
    Chicago, IL
    27 days ago
  • $110.8k - $226.4k

     ...our industry. Job Description: Incident Response Manager Position Summary The Incident...  ...directors, and other stakeholders. Direct forensic investigations, threat hunting...  ...years focused on incident response, digital forensics, threat hunting, or cyber defense... 
    Digital
    Local area
    Worldwide

    Crowe

    Chicago, IL
    2 days ago
  • Accenture is seeking a hands-on technical leader for their Cyber Investigation and Forensic Response (CIFR) practice in Chicago. The candidate will excel in incident response and digital forensics, conducting complex analyses, mentoring investigators, and communicating... 
    Digital

    Accenture

    Chicago, IL
    3 days ago
  • $130k - $152.5k

     ...Senior Associate/Cybersecurity & Incident Response (Forensic Services Practice) Boston, MA, United...  ...Our two main services – economic and management consulting – are delivered by practice...  ...; Performing forensic analysis of digital information using standard computer forensics... 
    Digital
    Work at office
    Local area
    Work from home
    3 days per week

    Charles River Associates

    Chicago, IL
    4 days ago
  • $117.6k - $161.7k

     ...metro, Chicago, Boston, Atlanta, Nashville. The Senior Digital Forensics and Incident Response Engineer provides forensics technical expertise and...  ...forensics analysis recommendations for remediation activities. Manages a real-time forensic capability that collects, assesses... 
    Digital
    Full time
    Temporary work
    For contractors
    Apprenticeship
    Remote work
    Work from home
    Relocation
    Home office

    Humana

    Chicago, IL
    3 days ago
  •  ...consider a career in Advisory. We are currently seeking a Manager, Incident Response to join our Advisory practice. Responsibilities Lead...  ..., and cross functional stakeholder management (legal, forensics, privacy, communications, and leadership) during high impact... 
    Full time
    Work experience placement
    H1b
    Local area

    KPMG

    Chicago, IL
    9 days ago
  • Flynaut LLC. is seeking a Cybersecurity Analyst in Chicago, IL to protect clients’ digital assets. As part of the Cybersecurity team, you will monitor security events, conduct incident response, and assist clients in compliance with security frameworks. Experience with... 
    Digital

    Flynaut LLC.

    Chicago, IL
    20 hours ago
  • $115k - $130k

     ...technology company is seeking an IT Security Engineer to enhance security for digital assets. In this role, you will design and implement security controls, monitor security alerts, and lead incident response. Ideal candidates possess a Bachelor's degree and 4-7 years of... 
    Digital
    Remote job
    Full time

    Redwood Logistics

    Chicago, IL
    20 hours ago
  • $103.27k - $206.54k

     ...KPMG is currently seeking a Manager, Forensic Technology to join our...  ...Advisory Services practice. Responsibilities: Manage and advise...  ...platforms to uncover digital evidence Consult with...  ...line Digital Forensics and Incident Response (DFIR) tools and techniques to... 
    Digital
    Full time
    H1b
    Local area

    KPMG

    Chicago, IL
    9 days ago
  • A leading global food retailer is seeking a Security Engineering Manager to safeguard their technology environment in Chicago. This role involves enforcing security policies, managing incident responses, and collaborating with IT and business teams. The ideal candidate... 
    Flexible hours

    ViziRecruiter,LLC.

    Chicago, IL
    4 days ago
  • $139.12k - $208.68k

    A leading grocery retailer is seeking a Security Engineering Manager in Chicago to safeguard its technology environment. This role handles security policies, manages the incident response plan, and investigates potential threats. Candidates should have at least 10 years... 
    Flexible hours

    ViziRecruiter,LLC.

    Chicago, IL
    1 day ago
  • $307.4k - $341.55k

     ...Technology Officer / General Manager Area: Information Technology...  .... ~ Strong grasp of modern digital platforms and delivery...  ...improvement. You Will Be Responsible For Serving as the organization...  ...leading risk management and incident readiness. Ensuring technology... 
    Digital
    Work at office
    Relocation package
    Flexible hours
    2 days per week

    Rotary International

    Evanston, IL
    4 days ago
  • $167.5k - $269.88k

     ...a strategic leadership role responsible for overseeing the application...  ...on Business Relationship Management (BRM), this role builds trusted...  ...and support, and drives digital transformation to enable business...  ...maintenance, enhancements, incident resolution, and service-... 
    Digital
    Temporary work
    Worldwide

    Chamberlain Group

    Oak Brook, IL
    4 days ago
  •  ...empower and facilitate trust for a digital-first world. Today,...  ...handle crucial security and PR incidents daily. Champion Outtake's solutions...  ...we can transform incident response and brand protection on a...  ...remains the premier incident management and brand protection platform... 
    Digital
    Full time
    Work at office
    Immediate start
    Flexible hours

    Outtake

    Chicago, IL
    2 days ago
  • $73.45k - $132.78k

     ...an opportunity for a Project Manager to join our Power Delivery...  ...quality. The Project Manager is responsible to ensure day-to-day...  ...with smarter, more efficient digital and mission innovations. Headquartered...  ...enforcement and report the incident to the U.S. Federal Trade Commission... 
    Digital
    Contract work
    For subcontractor
    Local area
    Immediate start
    Remote work
    Flexible hours

    Leidos

    Chicago, IL
    20 hours ago
  • $75k - $85k

     ...heartbeat of our community—responsible for the daily operations, staff...  ...consistency in classroom management and lesson implementation...  ...Oversee emergency drills, incident reports, and daily health/safety...  ...staff Organize and manage digital files across shared drives... 
    Digital

    The Goddard School

    Chicago, IL
    1 day ago
  • $59.15k - $106.93k

     ...opportunity for a Project Manager I (PM) who will work alongside...  ...nationwide. Primary Responsibilities Independently lead project...  ...with smarter, more efficient digital and mission innovations. Headquartered...  ...enforcement and report the incident to the U.S. Federal Trade... 
    Digital
    Contract work
    For subcontractor
    Local area
    Immediate start
    Work from home

    Leidos

    Chicago, IL
    1 day ago
  •  ...If the position includes overnight responsibilities, this role may be required to respond to...  ...when violations occur. Utilize our digital guest registry system to create room reservations...  ...needs of the families Complete incident reports and submit within 24 hours of... 
    Digital
    Work experience placement
    Work at office
    Shift work
    Night shift

    Ronald McDonald House Chicagoland & Northwest Indiana

    Chicago, IL
    4 days ago
  • $150k - $170k

     ...Description The Microsoft 365 Platform Manager owns the definition,...  ...role partners closely with Digital Workplace leadership, Cyber Security...  ...intentional, scalable, and responsible use of Microsoft 365...  ...365 administration. Routine incident management or operational escalation... 
    Digital
    Full time

    UL Solutions

    Chicago, IL
    1 day ago
  •  ...Financial Services, Leasing, Asset Management, or Capital Markets Role...  ...is a senior leadership role responsible for end-to-end service...  ...adoption of ITIL, automation, and digital service management practices...  ...Deep understanding of incident, problem, change, release, and... 
    Digital
    Contract work
    Work at office

    HCLTech

    Chicago, IL
    4 days ago
  • $12 per day

     ...Summary & Objectives The Senior Marketing Manager will spearhead the development and...  ...’s specialized services in cyber incident response, digital asset security, and crypto investigations...  ...incident response and cryptocurrency forensics and investigations. Cultivate and... 
    Digital
    Local area
    Immediate start
    Remote work
    Flexible hours

    DigitalMint

    Chicago, IL
    1 day ago
  •  ...enforces school protocols in response to emergency situations....  ...administration on best practices for managing student movement throughout...  ...of student or staff incidents. Assists the administration...  ...to operate functionally in a digital environment for communication... 
    Digital
    Full time
    Local area
    Day shift
    Afternoon shift

    Meridian Charter Schools

    Chicago, IL
    17 days ago
  • $185k - $277k

     ...Overview The Senior Manager of Enterprise Security...  ...people leader responsible for developing, implementing...  ..., e-discovery, and forensic integrity requirements...  ...detection engineering, incident response, endpoint management...  ...litigation holds, and digital forensics chain-of-... 
    Digital
    Work at office
    Remote work

    Relativity

    Chicago, IL
    3 days ago
  • $80k - $90k

     ...Overview: The Safety & Security Manager contributes to the...  ...employees ; coordinates accident/incident process; conducts audits and...  ...vary by location. Key Responsibilities: ~ Ensure compliance with...  ...coordinate ~ Audits TAS Safety digital files to maintain a clean... 
    Digital
    Full time
    Contract work
    Temporary work
    Work at office
    Local area
    Shift work
    Weekend work

    Transdev

    Chicago, IL
    2 days ago
  •  ...client will be mandatory. Responsibilities Operations Accountable for...  ...Develop and maintain Crisis Management/Disaster Plans. Implement project...  .../Escalation/Missed SLA incidents. Implement and execute automation...  .... Preferred Skills Digital Transformation experience leveraging... 
    Digital

    NTT DATA, Inc.

    Chicago, IL
    2 days ago
  • $127.87k - $166.49k

     ...everything from booking and managing reservations, to questions about...  ...day. Job overview and responsibilities The Senior Manager - Agent Chat...  ...with cross- functional digital teams to improve the holistic...  ...continuity to include agent access, incident management response,... 
    Digital
    Remote job
    Hourly pay
    Work experience placement

    United Airlines

    Chicago, IL
    2 days ago
  •  ...in Advisory. KPMG iscurrently seeking a Manager, Strategic Change Management for our  Consulting practice. Responsibilities: Lead client service delivery teams in...  ...transformations including AI Adoption, Digital / ERP, M&A, Cost-Takeout, Portfolio Change... 
    Digital
    Full time
    Work experience placement
    H1b
    Work at office
    Local area

    KPMG

    Chicago, IL
    9 days ago
  •  ...currently seeking aDirector, Strategic Change Management in Human Capital Advisory for our  Consulting practice. Responsibilities: Design and lead integrated OCM...  ...Business Services / Outsourcing transformations, digital transformations/ ERP, AI Adoption and... 
    Digital
    Full time
    Work experience placement
    Local area
    Visa sponsorship

    KPMG

    Chicago, IL
    9 days ago
  • $148k - $197.45k

     ...the client will be mandatory. Responsibilities Accountable for end‑to‑end...  ...Develop and maintain Crisis Management/Disaster Plans. Implement project...  .../Escalation/Missed SLA incidents. Implement and execute automation...  .... Preferred Skills Digital Transformation experience leveraging... 
    Digital
    Temporary work
    Flexible hours

    NTT DATA

    Chicago, IL
    20 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Digital Forensics & Incident Response (DFIR) Manager. Be the first to apply!