Global Information Security Manager - Incident Response

WHAT YOU'LL DO

Participate as an integral part of the Cyber Security Incident Response Team

• Support cyber incident response actions to ensure proper assessment, containment, mitigation and documentation
• Support cyber investigations and contribution to large and small scale computer security incidents
• Review and analyze cyber threats and provide support, mentorship, and training to junior level security analysts
• Work closely with CSIRT team & technology to detect, investigate, and communicate cyber threats
• Update the Security Team and other groups on industry trends and recommend initiatives to help lower risk
• Proactively monitoring and analyze logs via the SIEM for indicators of attack
• Proactively identifying process improvements and taking initiative to implement changes.
• Contribute to develop our standard operating procedures and playbooks.
• Maintain up-to-date knowledge of the cyber security industry

YOU'RE GOOD AT

The Incident Response Manager is an experienced position within the CSIRT that requires a thorough understanding of Incident Response (IR) operations and best practices, including triage and escalation.
They work with various teams inside BCG and with vendors and partners to support the CSIRT mission of preventing, detecting, and responding to cyber threats.

This role requires advanced analytical and methodical skills coupled with strong, detail-oriented documentation skills that together yield consumable and comprehensive investigation reports. In addition, it requires the ability to assess multiple incidents at a given time. This means the candidate should be able to quickly and effectively prioritize actions based on incident severity while incorporating risk to BCG and communicating to relevant stakeholders in a timely manner. The Incident Response Manager will be working heavily within the CSIRT’s suite of tools, including SIEM, EDR, Case Management, and Cyber Threat Intelligence technologies.

YOU BRING (EXPERIENCE & QUALIFICATIONS)

• Minimum of 5 to 7 years of information security experience, with a very strong technical background
• Significant information security and risk management experience in a multinational enterprise
• Demonstrated Incident Response experience (from a Consultancy or SOC environment)
• Good verbal and written communications skills
• Calm demeanor, grace under fire, outstanding listening skills
• Good problem solving, analytical skills and decision making
• Experience with Security Information and Event Management (SIEM) monitoring tools and their use (Splunk, Arcsight, QRadar or similar)
• Experience with Endpoint Detection and Response tools (Crowdstrike, Carbon Black, Microsoft Defender, or similar)
• Security certification like CISSP, CEH, GCIA or GCIH or equivalent a plus

YOU'LL WORK WITH

BCG’s information technology group collaboratively delivers the latest digital technologies that enable our consultants to lead and our business to grow. For our IT jobs, we seek individuals with expertise in the areas of IT infrastructure, application development, business systems, collaborative and social technologies, information security, and project leadership.