Cybersecurity Incident Response Manager

CG Consulting Group

Markham

Hybrid

CAD 80,000 - 120,000

Full time

30+ days ago

Job summary

Join a leading insurance company as a Cybersecurity Incident Response Manager in a dynamic hybrid role. You'll lead a talented team of cybersecurity analysts, driving incident response strategies and collaborating with diverse teams to enhance the organization's security posture. This position offers the opportunity to work on cutting-edge cybersecurity challenges while managing critical incidents and ensuring the effectiveness of security measures. If you have a passion for cybersecurity and a proven track record in incident response, this role is perfect for you. Embrace the chance to make a significant impact in a forward-thinking environment that values innovation and teamwork.

Benefits

Salary
Bonus
Pension
Benefits
Flexible Work Schedule

Qualifications

  • 5+ years in Cybersecurity with a focus on Incident Response and Threat Hunting.
  • Strong knowledge in SIEM, Cloud Security, and Data Loss Prevention.

Responsibilities

  • Manage a team of Incident responders and Threat Hunters.
  • Define and maintain the Information Security Incident Management Process.
  • Conduct forensics investigations and coordinate with various teams.

Skills

SIEM
Endpoint Detection/Prevention
Data Loss Prevention
Incident Response
Networking
Programming
System Administration
Cloud Security (AWS, Azure)
Forensics Investigations
Threat Intelligence

Education

BS Degree in Computer Science/Engineering
Industry Certification (GSEC, CISA, CISSP, etc.)

Tools

AWS
Azure
SIEM Tools
Forensics Tools

Job description

Cybersecurity Incident Response Manager

Our client is a leading insurance company located in Markham, Ontario, in the Greater Toronto Area (occasional travel to downtown Toronto is required). This is a hybrid role requiring 2-3 days in the office per week, likely to increase in 2025. This is a permanent, full-time position with salary, bonus, pension, and benefits.

The client is looking for a technical Cybersecurity Incident Response Manager to join the Cybersecurity department. In this role, you will act as Cybersecurity Incident Response manager and advisor, managing a team of cybersecurity analysts and acting as liaison between business partners and technical teams such as the Global SOC, Data Loss Prevention, Compliance, Threat Intelligence, Vulnerability and Risk Management, Governance, Identity and Access Management, Systems and Network Engineering, Software Development, third-party vendors and suppliers, HR, and Legal.

The ideal candidate has strong SIEM, endpoint detection/prevention, and data loss prevention skills, preferably with Cloud and AWS experience. They should possess a broad knowledge of information security systems and solid skills in Incident Response, Networking, Programming, and System Administration. A background in many domains of IT, along with a strong ability and interest in learning and championing Cybersecurity, is essential.

What you’ll do:

In this role, you will be responsible for:

  1. Managing a team of incident responders and threat hunters (approx. 4 members).
  2. Defining and maintaining the Information Security Incident Management Process and creating procedure documents for incident handling.
  3. Performing forensics investigations based on logs and other data; validating containment and remediation measures; performing Root Cause Analysis (RCA) as necessary.
  4. Managing, maintaining, and enhancing Incident Response capabilities to detect, proactively hunt for, and respond to advanced cyberattacks.
  5. Coordinating, monitoring, and supporting general activities related to cases, investigations, and risk mitigation and analysis.
  6. Coordinating, communicating, sharing information, and working closely with various business units and teams within the company.
  7. Periodically conducting tabletop exercises to test the readiness of the IR function.
  8. Working closely with the Cybersecurity Engineering team on implementing new monitoring rules, building playbooks, and automating other manual tasks.
  9. Researching emerging threats to gain insight and understanding of the evolving threat landscape and its impact on the company.
  10. Ensuring continuous improvement of the Cybersecurity posture.

What you’ll bring:

  1. 5+ years of hands-on experience in cybersecurity, InfoSec, security engineering, and network engineering, with emphasis on incident response, threat hunting, and cybersecurity operations.
  2. Knowledge in the following Cybersecurity domains:
    1. Securing infrastructure in public clouds (AWS, Azure, GCP, etc.).
    2. SIEM, Log Management, Network Security & Monitoring.
    3. Endpoint detection, protection, and response.
    4. Cryptographic services.
    5. Computer Forensics.
    6. Vulnerability Management.
    7. SOAR and playbook automation.
    8. IAM/PAM.
    9. Intrusion Detection and Prevention.
    10. Data Loss Prevention.
    11. Threat Intelligence and UEBA.
  3. Excellent problem-solving skills, ability to coordinate with different local and global teams.
  4. Ability to move quickly in a fast-paced and fluid environment, as well as influence peers and partners to prioritize issues as needed.
  5. High proficiency in creating and presenting incident summary reports.
  6. Familiarity with security frameworks such as NIST, PCI, and CIS.
  7. Ability to plan, organize, and prioritize tasks to complete within established time frames.
  8. Ability to work independently without direct supervision, self-motivated, and meet tight deadlines.
  9. Outstanding technical skills, knowledge of network protocols and communication principles, and an understanding of vulnerabilities and remediation techniques.
  10. Excellent written, verbal, and interpersonal skills.
  11. Continuous improvement attitude.
  12. Professional and courteous in all interactions.
  13. Able to influence, innovate, and drive Cybersecurity standard methodologies.
  14. Experience in AWS and Azure is a plus.
  15. BS Degree in Computer Science/Engineering, Information Security/Technology, or in a related technical field or equivalent practical experience.
  16. At least one standard industry certification, such as GSEC, CISA, CISM, CISSP, CSCS, CEH, or equivalent.