Manager, InfoSec Operations Incident Response & Threat Intelligence

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and reproductive health care for all people, as well as the nation’s largest provider of sex education. With more than 600 health centers across the country, Planned Parenthood organizations serve all patients with care and compassion, with respect, and without judgment, striving to create equitable access to health care. Through health centers, programs in schools and communities, and online resources, Planned Parenthood is a trusted source of reliable education and information that allows people to make informed health decisions. We do all this because we care passionately about helping people lead healthier lives.

Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the independently incorporated Planned Parenthood affiliates operating health centers across the U.S.

Planned Parenthood Action Fund is an independent, nonpartisan, not-for-profit membership organization formed as the advocacy and political arm of Planned Parenthood Federation of America. The Action Fund engages in educational, advocacy, and electoral activity, including grassroots organizing, legislative advocacy, and voter education.

Purpose:

This role is responsible for supporting the Director of IR & Threat Vulnerability in building and maintaining the enterprise-wide Vulnerability, Incident Response and Cyber Threat Management program. Responsible for identifying, triaging, filtering, and documenting vulnerabilities and threats across the enterprise and working with business unit partners to harmoniously resolve security matters. The Manager performs all phases of the critical incident response life cycle: preparation, analysis, containment, eradication, remediation, recovery and post-incident activity for all incidents in support of the National Office and the Federation. Completes threat hunting in both on-premise and cloud environments.
The chosen candidate for this role will also be tasked with responding, if necessary, to events/incidents on a 24x7 basis. The Manager will also be monitoring, building, augmenting, and integrating threat detection and remediation capabilities into security operations to address emergent cyber threats to PPFA products, services, data, and infrastructure. The Manager is expected to have a thorough understanding of complex systems and stay up-to-date with the latest security standards, products, and knowledge of the evolving threat landscape. Also helps vendor-manage the MSSP partner for 24/7/365 alert monitoring.

Delivery:

● Respond to security incidents and investigations - owning all phases of Incident Response.
● Review and advise on Incident Response processes and identify possible improvements.
● Develop and implement tactical response procedures, guidelines, and playbooks to streamline security incidents.
● Maintain thorough documentation of cyber threats, threat vectors, threat actors, and threat trends for consumption during threat modeling activities and security incidents.
● Assist in the development of policies, procedures, and playbooks in the areas of cybersecurity, intelligence, and data protection.
● Mature and continuously benchmark the PPFA incident response playbook; liaise with vendor partners and Affiliate IT Leadership, and closely partner with PPFA business functions.
● Monitor robust alerting and reporting mechanisms performed by MSSP as well as internal capabilities to potential cyber threats.
● Develop, organize, and maintain metrics and threat intelligence briefs illustrating the impact of the current threat landscape.
● Manage vendors who perform digital forensics to ensure confidential and in-depth investigations promptly, disseminating and maintaining reports on a highly confidential basis.
● Maintain current understanding of malicious adversaries, threat groups, and campaigns, indicators of compromise (IOCs), and highly granular tools.
● Deliver materials and relevant resources in advance of meetings and document meeting notes and action items.
● Develop work plans for IR and Threat Intelligence, as delegated by the Director, IR & Vulnerability Threat Management and complete initiatives within and across teams to ensure timely delivery.

Engagement:

● Collaborate with strategic vendor partners and external security research communities and cultivate durable relationships with external agencies and companies to produce a pipeline of high-quality threat intelligence.
● Support the InfoSec Operations team with vulnerability scans, penetration tests, and logging and event management results that may indicate pre-incident indicators, ineffective processes, procedures, and standards.
● Work with the team on recommendations and findings, both in written reports and in presentation format, to the Information Security Team and business unit partners.
● Collaborate with key stakeholders, IT & Business Leaders at the National Office and the Affiliates on key findings and root cause analysis improvements.
● Support executive leader communications on potential emergent threats and ongoing efforts to resolve active cyber security incidents and investigations.
● Partner with key stakeholders on the planning and execution of incident response tabletop exercises, mock drills, and other readiness activities.
● Partner with vendors and service providers to orchestrate IR and Threat Intelligence support and management of key capabilities.
● Work across department lines in developing product vulnerability remediation and incident response.

Knowledge, Skills and Abilities (KSAs):

Reporting to the Director InfoSec Operations IR & Threat Intelligence, these are the skills and abilities that mark a strong candidate as part of our InfoSec Operations team.

● Bachelor's degree in Information Technology, Cybersecurity or equivalent experience
    ○ Information Security certifications preferred
● 4+ years of work experience in Cyber Security, threat detection, incident response, digital forensics, and vulnerability mitigation in an Information Security Operations capacity or in a related field such as IT/network incident response and vulnerability remediation.
● Experience coordinating security incident meetings, dividing responsibilities, and influencing key stakeholders to resolve security incidents.
● Experience and strong understanding of multiple forms of Indicators of Compromise (IoCs) and corresponding capabilities to detect, alert on them, and share information across key stakeholders.
● Experience with Security Response frameworks.
● Experience with Annual Threat Assessment and Control Gap Analysis.
● Experience with building and reporting on Key Performance Indicators (KPI), Key Risk Indicators (KRI) and establishing thresholds with corrective actions.
● Knowledge of the external security community’s culture and mindset.
● Ability to recognize and respond to problems with potential solutions in a highly professional, confidential and sensitive manner.
● Strong interpersonal skills.
● Excellent analytical skills with sharp attention to detail and the ability to meet critical deadlines.
● Self-directed and can work alone or in a team.
● Ability to work collaboratively and flexibly with a dynamic, fast-moving team, completing multiple tasks with poise, accuracy, and confidence.
● Strong organizational, analytical, and problem-solving skills.
● Strong oral and written communication skills.

Final offers for this job will be based on capabilities and will be made within the parameters of the PPFA compensation program. Total offer package to include generous vacation + sick leave + paid holidays, individual/family provided medical, dental and vision benefits effective day 1, life insurance, short/long term disability, paid family leave and 401k. We also offer voluntary opt-in for Flexible Spending Account (FSA) and Transportation/Commuter accounts.

We value a truly diverse workforce and a culture of inclusivity and belonging. Our goal is to attract qualified candidates and encourage applications from all individuals without regard to race, color, religion, sex, national origin, age, disability, veteran status, marital status, sexual orientation, gender identity, or any other characteristic protected by applicable law. We're committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

PPFA participates in the E-Verify program and is an Equal Opportunity Employer.

All roles that are denoted as NYC, DC, or both will be on a hybrid schedule, requiring 2-3 days per week in the office.
