Cybersecurity Incident Response Manager (Remote)

United States

April 26, 2024

The Nielsen Legal Team supports the company globally, protecting Nielsen’s business, products, intellectual property and reputation. The team places a focus on developing excellence and agility as we minimize risk and move the business forward. The team comprises attorneys, paralegals and legal assistants. Whether we’re solving a problem or averting a crisis, we are focused on creating the best environment possible to advance Nielsen’s reputation, preserve business opportunities, and help business to flourish.

About This Job

Nielsen Media is searching for a Cybersecurity Incident Response Manager with the following skills:

  1. Cloud/Network/Infrastructure fundamentals: ideally coming from an infrastructure or architecture background, for example cloud, server, network, storage, etc. Having a deep understanding of infrastructure will enable this person to more effectively pinpoint and contain an incident, and know when to shut down or turn on impacted systems.
  2. Incident Response / Metrics: managing an IR program to develop frameworks, metrics, and ideas of how to improve. (Example question: If you were building an IR program from scratch, walk me through how you would go about it?)
     • NIST Framework: Nielsen measures their program against the NIST framework. Very important to understand key concepts.
     • Incident response tool fundamentals: SIEM, MDR/EDR, forensic, vulnerability management, etc.
  3. Strong written / verbal communication skills: communication with CISO, Business, and other IT executives.

Job Description

The Cybersecurity Incident Response Manager is part of their global cyber security operations team, and will be responsible for providing subject matter expertise in the monitoring and performing analysis of security events and incidents.

Nielsen is looking for someone with an operational background with proven experience in incident responses at an enterprise or global level. Nielsen outsources a majority of tier 1 incidents, so this person will be responsible for critical issues that occur. This person needs not only to be an experienced incident responder but also to participate in the growth and improvement of their program. Being able to improve process and documentation and provide feedback to their team is important.

Nielsen's platforms and services are currently in over 100 countries, and this allows entry points to hackers all over the globe. This Manager needs to be able to guide their team through alerts, threats, and attacks, including being able to understand why something was stopped by the antivirus.

The Cybersecurity Incident Response Manager at Nielsen is one of three direct reports to the VP, Threat Management. They are part of the SOC, and are responsible for managing the incident response team, including providing oversight to incident response activities (triage, root cause analysis, escalation, communication, etc.).

Responsibilities

  • People: Will need to groom the careers of associates for elevated skillsets and promotions.
  • Vendor partnerships: Nielsen relies on a global MSSP for Tier 1 incidents. All incidents first flow through the MSSP, and then are escalated to the Analyst team at Nielsen for further assistance. Holding that vendor accountable will be important.
  • Being metrics driven - building SLAs, holding the program and team accountable.
  • Leadership - Meetings - attending weekly staff / operations meetings. Preparing the team to speak at these meetings.
  • Responsible for managing a team of security analysts who are charged with the analysis and management of incident response data from a variety of sources.
  • Determine work requirements, priorities, and maximize the effectiveness of analysts through efficient scheduling and cross training.
  • Ensure high quality of work products, client communication, and incident response reporting.
  • Provide oversight to incident response activities (triage, root cause analysis, escalations, notifications, communication, etc.).
  • Determine the severity level of incidents, act as a conduit for escalation and ensure accordance with requirements.
  • Provide technical investigative support to other departments as required.
  • Serve as the enterprise subject matter expert for information security incident and investigation management.
  • Monitor the organization's computer networks and systems to identify any violations and security threats that need to be resolved.
  • Develop and maintain IR Procedures to ensure incident response policy, procedures, and work instructions stay current and effective.
  • Provide regular reporting of IR metrics with specific attention to efficiency and effectiveness measures.
  • Recommend courses of action based on analysis of both general and specific threats.
  • Deliver reports, briefings, and assessments to leadership, facilitating understanding of cyber threat entities and environments.

Requirements

  • 8-10 years relevant experience (2 - 4 years management experience preferred)
  • Advanced knowledge of Cloud, networking, operating systems fundamentals.
  • Advanced computer forensic or network forensic certifications.
  • Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues.
  • Ability to perform and interpret vulnerability assessments.
  • Ability to administer the operations of a security infrastructure.
  • Ability to balance and prioritize work