New Job Posted
Security Crisis Manager
Rochester, NY - Relocation Assistance Provided
BC Management, Inc. JO# 2968
Position: Security Crisis Manager
Location: Rochester, NY – Relocation Assistance Available
Salary: Based on Experience
* Candidates must have authorization in place to work in the USA.
* Offer will be contingent on passing a background check.
* Seeking candidates with 8+ years of expertise in crisis management/security incident response.
The Crisis Manager is a critical and senior member of the COMPANY Enterprise Data Security department reporting directly to the Chief Information Security Officer (CISO). The Enterprise Data Security department is responsible for incident response, crisis preparedness, enterprise information security strategy, governance, and risk management.
The Crisis Manager will support the COMPANY Enterprise Data Security Team by developing an enterprise wide incident response and crisis management program. The Crisis Manager will ensure the successful implementation of this plan in the event of a crisis, and will serve as a liaison between the incident response team and key internal and external stakeholders. The work of this key position will protect COMPANY’s financial and reputational integrity.
The candidate that is chosen for this position will work with a converged security department—both cyber and physical security functions report into the CISO—that approaches resiliency and security as a strategic business partnership to address business risk. This provides the unique opportunity to interact and protect the business at all levels.
The candidate will work in a matrix team environment where collaboration and knowledge sharing are a regular practice for ensuring operational excellence and individual growth. The teams represented in the matrix typically include: Legal, Corporate Communications, Public Relations, Executive Management, Human Resources, Digital Media and Compliance.
- Develop and own the Security Incident Response Program to ensure a coordinated crisis management approach that facilitates the effective and timely handling of serious cyber and security events. Serve as the liaison between the Incident Response Team and key internal and external stakeholders to ensure a coordinated response.
- Develop and maintain a crisis response playbook that defines criteria for various crisis responses and documents the roles and responsibilities of key stakeholders. Provide direction, oversight, and training for all stakeholders engaged in the cyber/security action response process.
- Partner with corporate communications to establish comprehensive crisis communication plans and public relations strategies, tailored to specific crisis scenarios and stakeholders.
- Enhance the capabilities of the information security focused cyber action communications team to ensure coverage for an enterprise wide all-hazards program that also includes responses to physical incidents.
- Serve as a subject matter expert on existing and emerging cyber threats to ensure new and updated crisis response plans are developed as appropriate.
- Conduct comprehensive table top exercises with internal and external response functions to validate response efficacy and preparedness. Support the administration and maintenance of preparedness and exercise schedules.
- Lead and influence at all levels of the organization, from the executive team to employees, and from subsidiaries to third party service providers.
- Implement awareness, assessment, communication, and command procedures for the Incident Response Program.
- Partner with Human Resources to facilitate the creation of an enterprise wide security training curriculum. Serve as an ambassador for Enterprise Data Security, meeting with and educating senior leadership and key stakeholders to ensure appropriate development of skills and proactive prevention of security threats.
- Develop and implement policies, standards, procedures, guidelines, training and systems that enable employees to respond to time-sensitive business process disruptions.
- Provide strategic support to investigators as they tactically lead the business through documented incident response procedures.
- Gather post-incident documentation, share lessons learned with management and refine processes as necessary.
- Partner with the Information Technology Business Continuity Team to analyze and interpret emergency scenarios, and develop mitigation strategies specific to cyber actions.
- Develop and maintain partnerships with external stakeholders to coordinate response during potential events, including but not limited to law enforcement, media, insurance agencies, etc.
- Assist in the creation of targeted remediation 'playbooks' to guide investigators in response and recovery activities.
- Participate in third-party reviews of contracted service providers for inclusion as necessary into the cyber action roadmap.
- Summarize complex incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.
Bachelor's degree in Business Management, Emergency Administration and Disaster Preparedness, Information Technology/Systems/Assurance, Public Communications or equivalent experience. Previous experience planning, managing, and leading a corporate crisis is preferred. Preferred additional training includes: Professional Crisis Management, Crisis Management Certified Specialist (CMCS) or Crisis Management Certified Planner (CMCP).
- Ability to discuss incident response and crisis management in terms of business support when speaking with peers and executives
- Influence a culture of business resiliency
- Deliver well-organized, impactful presentations
- Able to analyze data, identify the root cause of an issue, and provide recommendations for improvements
- Able to interact with members of the Business Units and discuss business processes
- Work independently to produce high quality documents and templates
- Understanding of Crisis Management, Emergency Response, Employee Safety, Business Continuity, Disaster Recovery and the differences between each practice
- Able to facilitate and keep meetings objective and on point, utilizing conflict resolution skills when necessary
- Knowledge of industry standards
- Strong business process documentation skills
- Good interpersonal skills, including the ability to communicate effectively in both written and verbal forms
The following statements are intended to describe the general nature and level of work being performed. This is not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel.
All qualified applicants will receive consideration for employment without regard to race, color, religious creed, ancestry, national origin, age, sex or handicap.
Apply to this job - http://portal.bcmanagement.com/#/jobs/2968
If you experience any issues applying or to learn more about the position, please contact Cheyene Marling – Firestorm - BC Management at email@example.com or +1 714-969-8006.