Overview
The Salvation Army, an international movement, is an evangelical part of the universal Christian Church. Its message is based on the Bible. Its ministry is motivated by the love of God. Its mission is to preach the gospel of Jesus Christ and to meet human needs in His name without discrimination.
We are the largest non-governmental provider of social services in America, and every year we help over 30 million Americans overcome poverty, homelessness, addiction, economic hardships, loneliness, and exploitation through a wide range of programs and services.
The Information Technology department has an opportunity for a Cyber Incident Manager position. The Cyber Incident Manager will lead the response to cyber incidents, ensuring they are handled promptly and efficiently to minimize damage and reduce recovery time and costs. They play a pivotal role in coordination with various internal and external stakeholders to manage the incident lifecycle from preparation to post-incident review, through identification, containment, eradication, recovery, and lessons learned. This position is integral to the cybersecurity framework, serving as the frontline defense against incidents that can compromise sensitive data, disrupt business operations, and damage the organization's reputation. The Cyber Incident Manager is not just a technical role. The role is a strategic position that requires a blend of technical acumen, leadership skills, and business understanding to appropriately address incidents while maintaining customer engagement. This individual is critical in ensuring the organization's resilience against ever-evolving cyber threats.
The position is located in West Nyack, New York, requires approximately 35 hours of work per week, and is eligible for a hybrid work arrangement (3 days onsite / 2 days remote) after three months of employment.
Responsibilities
- Incident Leadership: The Cyber Incident Manager is responsible for taking command during cybersecurity events, orchestrating response efforts, and promptly addressing incidents. This involves quick decision-making, prioritizing tasks, and directing response teams effectively.
- Strategic Planning and Preparedness: Beyond reactive measures, this role demands proactive planning and preparedness. This includes developing, maintaining, and regularly updating incident response plans, ensuring the organization is equipped to handle various cyber incidents. It also involves conducting risk assessments and scenario planning (tabletop exercises) to anticipate potential threats and vulnerabilities.
- Coordination and Collaboration: The position requires extensive coordination with various internal departments (e.g. IT, Legal, HR, and public relations) and external entities (such as law enforcement, cybersecurity firms, and regulatory bodies). This coordination is crucial for a holistic approach to incident management, encompassing technical response, legal compliance, internal and external communications, and post-incident recovery.
- Technical Expertise and Analysis: The Cyber Incident Manager should deeply understand the cyber threat landscape, including the latest trends in cyber-attacks and defense strategies. They are expected to analyze incident patterns and weaknesses, offering insights that drive improvements in the organization's cybersecurity posture.
- Stakeholder Engagement: Effective communication with stakeholders, including executive leadership, is a key aspect of this role. The Cyber Incident Manager must be able to translate complex technical incidents into understandable terms, advising on the impact, necessary actions, and implications for the business.
- Continuous Improvement and Learning: Post-incident analysis is a critical function. Learning from incidents to improve systems, processes, and training is essential. This role involves regularly reviewing and refining incident response strategies, staying informed about new technologies and methodologies in cybersecurity, and integrating these into the organization's practices.
- Regulatory Compliance and Documentation: Ensuring that incident response activities adhere to legal and regulatory requirements is paramount. The Cyber Incident Manager maintains comprehensive records of incidents, responses, and outcomes for compliance purposes, audits, and continuous improvement.
- Risk Mitigation: By effectively managing cyber incidents, this role directly contributes to reducing the risk and impact of cyber threats on the organization.
- Operational Continuity: Ensuring rapid and efficient response to incidents minimizes downtime and maintains business operations, which is crucial for the organization's success and reputation.
- Compliance and Trust: Adherence to compliance standards and effective incident handling enhances the organization's credibility and trust among clients, partners, and regulatory bodies.
Qualifications
- Bachelor's degree from a four-year college or university.
- 3-5 years of related experience.
- Technical Skills:
  - Digital Forensics & Incident Response (DFIR)
  - Security Information and Event Management (SIEM) (e.g. Splunk, Sentinel, QRadar)
  - Intrusion Detection/Prevention Systems (IDS/IPS)
  - Endpoint Detection & Response (EDR) (e.g. CrowdStrike, Darktrace, SentinelOne)
  - Network Traffic Analysis & Packet Capture (Wireshark, etc.)
  - Malware Analysis & Reverse Engineering (basic to intermediate)
  - Log Correlation and Threat Hunting
  - Firewall, Proxy, and IDS Log Analysis (e.g. Fortinet, Meraki)
  - Threat Intelligence Integration and Analysis
  - Email Header and Phishing Analysis
  - Security Orchestration, Automation and Response (SOAR) platforms (e.g. Palo Alto XSOAR, Swimlane)
  - Forensics Tools: EnCase, FTK, Autopsy, Volatility
  - Threat Intel Platforms: Recorded Future, ThreatConnect, MISP
  - Ticketing Systems: ZenDesk, ServiceNow, Jira, Remedy
- Framework Proficiency:
  - Incident Response Lifecycle (NIST SP 800-61, PICERL model)
  - Knowledge of MITRE ATT&CK Framework
  - Vulnerability Management & Prioritization
  - Disaster Recovery & Business Continuity Planning (e.g. DR/BC, BIA)
  - Risk Assessment & Gap Analysis
  - Change Control and Root Cause Analysis (RCA)
- Regulatory Compliance and Privacy Awareness:
  - HIPAA, PCI-DSS, NY SHIELD, GDPR, CCPA, CJIS, etc.
  - SOX ITGC Controls and Audit Support
  - Cyber Insurance (CLI) & Legal Considerations in Breach Response
  - Chain of Custody and Evidence Handling
- Leadership and Management Skills:
  - Relevant certifications (e.g. CISSP, CISM, GCIH, GCFA, CRISC).
  - Collaboration: Confluence, MS Teams, Slack, Telegram (war room coordination)
  - Strong leadership and decision-making.
  - Excellent communication and interpersonal skills.
  - Deep understanding of cybersecurity frameworks and standards.
  - Ability to work under pressure and handle crises effectively.
What We Offer
- Generous Medical, Dental, Vision Benefits
- TSA-paid Life Insurance for Employees
- Additional life insurance options for employees
- On-site cafeteria
- Paid Time Off, Vacation, Sick, Personal day
- 403(b) retirement savings plan
- Non-contributory Pension Plan
- Professional Development
- Free on-site Fitness Center
- Federal holidays
- Opportunities to give back and support our communities
All qualified applicants will receive consideration for employment without regard to race, color, sex, national origin, disability, or protected veteran status.
Required Experience:
Manager