At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
EY-Cyber Security-CMS TDR – Incident Management Lead
We are seeking a highly skilled and experienced Cyber Security Incident Manager/Lead to join our organization. The successful candidate will be responsible for leading our security incident response initiatives during high-severity incidents, as well as supporting and supervising P1/P2 incident bridges facilitated by our central/Service Integration and Management (SIAM) teams when necessary. The Cyber Security Incident Manager will collaborate closely with both internal and external stakeholders, including vendors and third parties, to ensure the swift resolution and mitigation of security threats that could potentially affect the organization’s information assets and infrastructure..
Your key responsibilities
Lead the response to cyber incidents, ensuring that all relevant threats are identified, contained, eradicated, and recovered from in a timely and secure manner.
Oversee P1/P2 incident bridges, facilitating real-time discussions and providing guidance to help both client security teams and stakeholders make informed decisions. Assist in directing SIAM teams toward a rapid and effective resolution of incidents.
Develop and maintain incident management protocols and Standard Operating Procedures (SOPs) to ensure a consistent and effective response to cyber incidents.
Coordinate with cross-functional teams, including IT, OT, network teams, Security, forensic, legal, and external partners, to ensure an integrated approach to incident management.
Act as a primary point of contact for major security incidents, providing regular status updates to executive management SIAM and other key stakeholders.
Perform post-incident reviews and analysis to identify root causes, lessons learned, and follow-up actions to improve security posture and incident response capabilities.
Plan and conduct regular training exercises and simulations to ensure the readiness and resilience of the SOC/Threat Detection Response teams, incident response and retainer services, threat hunting groups, and the broader organizational teams against known and emerging cyber threats.
Stay informed of the latest cyber security trends and threat intelligence to anticipate and prepare for emerging security incidents.
Maintain a detailed knowledge of the organization’s infrastructure, defence layer and systems to effectively lead incident response efforts.
Ensure all actions, activities associated with the incidents are logged, documented, and tracked in line with organizations / regulatory requirements and industry best practices.
Collaborate with the Cyber Security team, SIEM/EDR specialists, and other Security platform engineers and analysts to enhance the defence controls of security solutions/tools and technologies, as well as to improve our investigation and response processes.
Lead and mentor Security teams and junior incident responders to develop their skills and understanding of incident management practices.
Skills and attributes for success
Bachelor’s degree in information security, Computer Science, or a related field; master’s degree preferred.
A minimum of 5 years of experience in a Cyber Security Incident Response role, with at least 2 years in a leadership position.
Certifications like Certified Information Systems Security Professional (CISSP), Certified Incident Handler (GCIH), Certified Information Security Manager (CISM) or equivalent
Proven track record of managing and resolving high-severity cyber security incidents effectively.
Strong understanding of IT & OT network infrastructure, security architecture, and the cyber threat landscape.
Exceptional communication and leadership skills, with the ability to coordinate complex incident responses under pressure.
Analytical and problem-solving skills, with attention to detail.
Experience implementing and managing Security Information and Event Management (SIEM), EDR tools and technologies.
Familiarity with regulatory compliance requirements related to cyber security (e.g., NIST, ISO, GDPR, HIPAA, etc.).
Ability to work flexible hours and be on call for potential security incidents.
Have a secure and reliable internet connection during on-call and responding to incidents, retain the ability to be reached by phone, email, or other designated channels.
What working at EY offers
At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are.
You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer:
Support, coaching and feedback from some of the most engaging colleagues around
Opportunities to develop new skills and progress your career
The freedom and flexibility to handle your role in a way that’s right for you
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.