EY TC-CS-Cyber Detection Response-Incident Response-Manager 

India, Karnataka, Bengaluru 

623384930

Key Responsibilities:

• Leadership and Strategy:
  • Lead and manage the incident response team, including Tier 3 analysts and other cybersecurity personnel, in responding to security incidents.
  • Develop and implement incident response strategies, policies, and procedures in alignment with organizational objectives and industry best practices.
  • Coordinate with the Cyber Defense lead to ensure a cohesive and comprehensive approach to cybersecurity defense.
• Incident Response Execution:
  • Oversee the execution of Tier 3 security incident response services, addressing application, network, and infrastructure security alert events.
  • Assign containment, eradication, and recovery tasks to the appropriate resource teams, ensuring swift and effective action.
  • Direct response actions on managed hosts where the Security Operations Center (SOC) team has requisite access and permissions, including isolating compromised or infected hosts.
• Cyberattack Disruption and Mitigation:
  • Lead efforts to disrupt cyberattacks, including the isolation of compromised hosts and implementation of pre-approved containment actions.
  • Ensure that all actions taken are in accordance with documented procedures and permissions.
• Incident Communication and Clarification:
  • Provide clear communication of incident details, containment, eradication, and recovery recommendations to the cyber defense team and other relevant stakeholders.
  • Participate in cyber defense calls, providing updates and strategic guidance on cybersecurity incidents and defense activities.
• Quality Assurance and Continuous Improvement:
  • Conduct periodic peer reviews of Tier 2 analyst work to identify trends, assess effectiveness, and recommend areas for improvement.
  • Promote a culture of continuous improvement within the incident response team by fostering knowledge sharing, training, and professional development.
• Escalation and Reporting:
  • Manage the escalation of critical incidents to senior leadership and other relevant parties, ensuring timely and accurate reporting.
  • Develop and deliver incident reports and presentations to executive management, highlighting incident impact, response actions, and lessons learned.
• Collaboration and Stakeholder Engagement:
  • Collaborate with cross-functional teams, including IT, legal, compliance, and external partners, to coordinate incident response efforts.
  • Engage with external stakeholders, such as law enforcement and third-party vendors, as necessary during incident investigations.
• Risk Management and Compliance:
  • Ensure that incident response activities comply with legal, regulatory, and organizational requirements.
  • Lead the assessment and management of risks associated with cybersecurity incidents, developing strategies to mitigate future threats.

Qualifications:

• Extensive experience in cybersecurity, particularly in incident response and threat management, with a strong background in leading teams.
• In-depth knowledge of application, network, and infrastructure security.
• Proven ability to manage complex security incidents, including advanced threat detection, containment, and remediation.
• Strong leadership and communication skills, with experience presenting to executive management and external stakeholders.
• Proficiency in security technologies, including SIEM systems, IDS/IPS, EDR, and other monitoring and response tools.
• Familiarity with regulatory requirements and compliance standards related to cybersecurity.
• Ability to work under pressure and manage multiple high-priority incidents simultaneously.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.