Incident Response Manager

CyberClan

British Columbia

On-site

CAD 80,000 - 90,000

Full time

4 days ago

Job summary

CyberClan is seeking an experienced Incident Manager to lead their Security Incident Response function. The successful candidate will manage cross-functional investigations, develop strategies to respond to incidents, and ensure operational oversight in a dynamic cybersecurity environment. Ideal candidates will have extensive experience in incident management and a strong background in cybersecurity practices. Join a forward-thinking team dedicated to tackling complex security challenges and maintaining organizational resilience.

Benefits

Equal opportunity employer

Qualifications

  • Minimum 6 years of experience in Incident Response.
  • 3 years of Management/Leadership experience.
  • Experience with Cyber Insurance and Legal markets.

Responsibilities

  • Leading security incidents in a collaborative environment.
  • Developing incident response plans and initiatives.
  • Overseeing incident response teams and triaging incidents.

Skills

Leadership
Incident Response
Cybersecurity
Forensic Investigations

Education

Bachelor's degree or matched work experience

Tools

EDR Technology
DFIR Tools
SIEM

Job description


Company Summary

Established in 2006, CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber-attacks with proven defensive methodology. Our goal is to get businesses fully operational as quickly as possible and to further prevent any downtime or impact to the business operations. CyberClan investigates and assists clients with all types of security breaches, insider threats, unauthorized access, and malicious code.

Job Summary

The role leads a high-performing Security Incident Response function, overseeing cross-functional investigations, incident resolution, and remediation efforts across global operations. This position is responsible for developing and implementing incident response strategies, driving key performance metrics, mentoring team members, and ensuring legal and technical integrity throughout forensic investigations. As a strategic partner to leadership, the role provides detailed reporting, resource management, and operational oversight while also acting as a technical authority during incidents. The ideal candidate fosters innovation, ensures constant readiness through training and tooling, and plays a critical role in post-breach remediation, client communication, and maintaining organizational resilience in a 24x7 environment.

Responsibilities of Role

• Leading security incidents in a cross-functional and collaborative environment, targeting incident resolution and mentoring team members to continue to scale in a high-growth environment

• Developing IR initiatives that improve our capabilities to respond and swiftly remediate security events

• Creating a culture of accountability, quality, agility, and high performance that will foster the attraction, development, and retention of security analysts

• Responsible for being a focal incident response point for all within the organization. This includes being able to provide initial analysis and identification of IOCs, escalation to the appropriate business units, and post-incident activities.

• Oversee Incident Response Plans: Design, implement, and manage the client's incident response policies and procedures to ensure preparedness.

• Coordinate Incident Response Teams: Lead cross-functional teams during security incidents, ensuring an organized and timely response.

• Triage and Prioritize Incidents: Assess incidents for severity and potential impact, assigning appropriate resources and setting response priorities.

• Communication: Serve as technical point of contact during an incident, providing updates to internal and external stakeholders.

• Serve as an incident manager, reporting key findings, barriers, escalations and concerns to the Head of DFIR, while liaising with Legal, Director of Sales and IRC team

• Maintain and prepare departmental reports for Key Performance Indicators (KPIs) to be presented to the Global Head of DFIR and EVP Sales & Revenue as needed

• Responsible for supporting a wide number of technologies and being able to proficiently perform advanced troubleshooting on the fly (packet captures, debugs, traffic analysis)

• Responsible for developing and documenting Incident Response methods and guidelines for the organizations

• Support the department's DFIR tooling selection process and any proof-of-concept projects.

• Chain of Custody: Ensure that evidence is collected, handled, and preserved in a legally defensible manner, maintaining the chain of custody for potential litigation

• Perform live-endpoint investigation

• Implements and deploys an Incident Response focused ticketing system to improve incident tracking, remediation and metrics for incidents worked.

• Post-incident Analysis: Conduct root cause analysis after incidents to identify vulnerabilities and develop strategies to prevent recurrence.

• Responsible for working with 3rd parties in order to assist with incident response, business email compromise, security breach, improve overall security, investigations, recommendations and remediation.

• Assists Sales and SOC in the successful conversion from incident response, PBR, RMS, eDiscovery to SOC; including process and procedure build out.

• Budget and Resource Management: Oversee the allocation of resources, including personnel, tools, and budgets, to effectively manage incident response and forensics operations.

• Monitor and Manage Regional profit & loss metrics and requirements

• Create and maintain an enhanced onboarding program that is concise and repeatable, effectively covering all aspects of the CERT role

• Client Education: Raise awareness across external organizations about digital forensics, incident response protocols, and security best practices.

• Maintain and manage AWS instances to ensure timely deletion and removal of data to minimize company and customer fees/overages

• Other duties as assigned

Requirements/Must Haves

• Minimum 3 years of Management/Leadership experience & client facing experience in technical situations

• Minimum 6 years of experience in Incident Response

• Bachelor’s degree or matched work experience

• 5+ years of information security experience as well as leading teams with a deep passion for cybersecurity and incident response

• Experience in the Cyber Insurance and Legal markets

• Successful track record of helping to implement security initiatives and frameworks in a flexible and innovative manner

• A collaborative approach to decision-making and the ability to influence with minimal guidance

• Experience in conducting Tabletop Exercises in Incident Response

• Experience in the deployment and management of EDR Technology

• Experience with Security Technologies and NIST Framework

• Experience in forensic investigations both on-premise and cloud

• Experience in mentoring, and in developing and delivering in-house training

• Must be available to provide coverage to meet business requirements in 3 regions

• Strong knowledge of DFIR Tools

• Strong knowledge of Virtualization Technologies, Operating Systems, Firewalls, VPNs, SIEM, Enterprise Gateway Technologies, Networking Devices, Security Technologies, etc.

Asset/Nice-to-Have

• Bilingual – Ability to communicate in English and French

Job Type

Location

• Candidate must have legal authorization to work in the US/UK/CA/RO/AUS

• Ability to travel up to 10% of the time as necessary for complex CERT incidents and for customer sales & marketing-based events as needed (This can include international travel from time to time)

Physical Requirements

• Prolonged periods of sitting at a desk and working on a computer.

CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Engineering and Information Technology
  • Industries: Computer and Network Security
