Cyber Risk And Incident Response Manager

Zoom Atlanta , GA 30301

Posted 2 weeks ago

Zoom is an award-winning workplace. We have been recognized by Comparably as #1 CEO, Company Happiness, Benefits, Compensation, Diversity, and more! Not to mention we've been awarded by Glassdoor as the 2nd Best US workplace & Best Large Company US CEO in 2018, Wealthfront, and Business Insider. Our culture focuses on delivering happiness, our commitment to transparency, and the tangible benefits we provide our employees and our customers.

The Cyber Risk and Incident Response Manager is responsible for managing Zoom's Incident Response, and Risk Register within Zoom's Governance, Risk and Compliance (GRC) Technology platform(s). This individual will be a subject matter expert in incident response (IR) and risk registry creating Zoom's playbooks with a focus on creating, and maintaining incident response playbooks that would be invoked from Zoom's GRC platform.


Incident Response:

Utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework. In using the NIST CSF as a guiding principle would assure Zoom has the appropriate systems, and playbooks in place to establish:

  • The creation of an incident response policy and plan

  • The development of procedures for performing incident handling and reporting

  • Setting guidelines for communicating with outside parties regarding incidents

  • Determining the Zoom teams that would be involved with continuous IR planning, monitoring and resolutions

  • Would establish relationships and lines of communication between the incident response team and other groups, both internal (e.g., security operations center, legal department)

  • Assist with determining what services the incident response team should provide

The Cyber Risk and Incident Response Manager will be responsible for creating Zoom's IR playbooks that would be used and implemented within Zoom to include:

  • Incident identification

  • Incident logging

  • Incident categorization

  • Incident prioritization

  • Incident response

  • Initial diagnosis

  • Incident escalation

  • Investigation and diagnosis

  • Resolution and recovery

  • Incident closure

  • Incident Identification

Risk registry:

The Cyber Risk and Incident Response Manager will be responsible for the creation, maintenance and on-going monitoring of Zoom's Risk Register within the GRC environment.

  • Provide a centralized process to identify, assess, respond to, and continuously monitor Zoom's enterprise and platform risks that may negatively impact business operations.

  • Develop structured workflows for the management of risk assessments, risk indicators, and risk issues.

  • Utilizing the Zoom GRC platform will create graphical interfaces to report out profile and risk dependencies.

  • Will create profile types to group common profiles with similar risks together for easier assessment.

  • Will create risk statements to define a set of potential risks that could occur across the organization.

  • Will assign risk statements to profile types, to generate risks from statements, or generate risks manually.

  • Assist with determining the appropriate risk response (for example, Accept, Avoid, Mitigate, or Transfer), and document the justification for the response.

  • Assign and complete Remediation Tasks to ensure that risk mitigation efforts are implemented.

  • Utilize the Governance, Risk, and Compliance (GRC) application to track risk mitigation efforts by relating a risk to controls or policies which mitigate the risk.

Required and Preferred Skills and Experience:

  • Education: Masters Degree preferred

  • 10 + years of experience with both government & large service providers in cyber and incident/legal response matters

  • Experience handling cyber security relationships between the public and private sector.

  • Previous government related experience in Incident Response playbook creation

  • Experience managing a cyber security and defense team for a government cyber security program.

  • Direct experience in implementing NIST based incident response programs

  • Experience working with and coordinating with enterprise legal teams

  • Exceptional verbal and written communication skills, with mastery of the ability to tailor the context of the conversation to the audience

  • Experience with socializing incident response awareness campaigns

  • Ability to think outside the box and develop solutions to accomplish seemingly impossible tasks, while remaining risk and objective focused

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Cyber Risk Technical Resilience (High Availability And Operational Resilience) Senior Manager

Deloitte & Touche L.L.P.

Posted 3 weeks ago

VIEW JOBS 10/1/2020 12:00:00 AM 2020-12-30T00:00 Are you interested in improving the cyber and organizational risk profiles of leading companies? If your response is yes, consider joining Deloitte & Touche LLP's growing Cyber Risk Resilient practice. Our technical resilience services professionals assist our clients with the design and implementation of the technical solutions and risk management programs which improve their ability to withstand cyberattacks and other disruptions to IT capabilities supporting critical business operations. Work you'll do As a Cyber Technical Resilience Senior Manager, you will be at the front lines with our clients supporting them with their security and resiliency needs to improve their overall security posture, by implementing industry leading practices around cyber risks and resilience for clients. You will: * Lead in transforming traditional disaster recovery (DR) solutions to secure, agile, scalable, always-on, cloud-first environments. * Assess, design, and implement resilient architectures for clients across a diverse set of technologies including cloud, big data, risk sensing, and advanced security technologies. * Lead the Resilient Infrastructure Design and Architecture on client engagements for complex environments. * Lead clients in implementing innovative risk management organizations and processes which drive resilience across the enterprise. * Lead response and recovery activities for high profile technology disruptions including cyberattacks, natural disasters, man-made disasters, and other crises scenarios. * Lead wargaming, technology transformation, resilience assessment, resilient design, impact analysis, risk analysis, service continuity, plan documentation, and testing and failover automation activities. * Maintain client relationships by developing a reputation as an independent professional who delivers exceptional results. * Create executable strategies to initiate, grow and sustain profitable relationships with clients. * Capture and share leading-practice knowledge amongst the technology community. * Oversee/Lead the architecting and design of complex resilience architectures and solutions for clients. * Review and finalize reference architectures for cloud and on-prem environments, designing business solutions, developing deployment, migration, operation and monitoring guides. * Promote industry leading practices through the design and mentorship of other technology teams and team-members. * Deliver end-to-end automation of deployment, monitoring and infrastructure management. * Demonstrate deep understanding of testing methodologies, test automation and software development principles. * Lead the team on whitepapers, proof of concepts, technical eminence materials and firm initiatives. * Support and enable team members across both technical and management leadership capacities. * Provide internal technical security and resiliency training to Advisory personnel as needed. The team Deloitte Advisory's Cyber Risk team helps complex organizations more confidently pursue their growth, innovation and performance agendas through proactive management of the associated cyber risks. Our professionals design, deploy, and assess IT resilience, business continuity, disaster recovery, and crisis management solutions for client technical infrastructure, applications and business processes to help clients transform their legacy programs into proactive Secure.Vigilant.Resilient.TM cyber risk programs. Join the team developing the future state of cyber risk solutions. Learn more about Deloitte Advisory's Cyber Risk Services practice. Qualifications Required: * 10+ years of experience with large enterprise resilience and recovery solutions * 5+ years of hands-on technical experience with at least one cloud platform in security or infrastructure implementation and operations. * 5+ years of working with different Cloud platforms (Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS)) and environments (Public, Private, Hybrid). * Expertise in data backup & replication services (i.e., tape-based, virtual tape, network file share backup, synchronous and asynchronous replication, SAN or database replication, and snapshot journaling) * Expertise in recovery of virtualized environments including Cloud technologies, Wintel and Unix/Linux based environments, software defined networks and Wide Area Network (WAN) principles. * Experience conducting disaster recovery, business continuity, incident response, or cyber wargaming exercises. * Experience directing DR, IT service continuity, cyber incident response/recovery, or business continuity (BC) program activities. * Understanding of industry regulatory and compliance requirements (i.e., FedRAMP, PCI-DSS, NIST, HIPAA) and skilled at interpreting the compliance and security requirements into implementable and repeatable controls. * Client interfacing, relationship building, and consulting skills. Additional Requirements: * BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. * Travel up to 50% (While 50% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice). * Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future. * Identify opportunities to improve engagement profitability * Experience with engaging C-Level executives and developing cyber risk strategies to address broad security issues. * Experience with leading multiple distributed teams across different geographies. Preferred: * Previous Consulting or Big 4 experience preferred. * Experience with Cloud technologies such as Amazon Web Services (AWS), Microsoft Azure, or similar. * Experience with big data analytics such as Splunk, Teradata, Hadoop. * Experience in DevOps organizations. * Experience with advanced network designs such as zero trust networks. * Experience in Disaster Recovery as a Service (DRaaS). * Experience with advanced testing concepts such as Chaos Engineering. * Master's degree and/or Relevant certifications: CBCP, MBCP, ABCI, MBCI, FBCI, ITIL, PMP, CISPP, CCSP, or Certified Data Recovery Professional (CDRP). * Excellent writing and verbal communication skills. * Strong project management and organizational skills. How you'll grow At Deloitte, our professional development plan focuses on helping people at every level of their career to identify and use their strengths to do their best work every day. From entry-level employees to senior leaders, we believe there's always room to learn. We offer opportunities to help sharpen skills in addition to hands-on experience in the global, fast-changing business world. From on-the-job learning experiences to formal development programs at Deloitte University, our professionals have a variety of opportunities to continue to grow throughout their career. Explore Deloitte University, The Leadership Center. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte's culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte's impact on the world. Recruiter tips We want job seekers exploring opportunities at Deloitte to feel prepared and confident. To help you with your interview, we suggest that you do your research: know some background about the organization and the business area you're applying to. Check out recruiting tips from Deloitte professionals. As used in this posting, "Deloitte Advisory" means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. These entities are separate subsidiaries of Deloitte LLP. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law. Deloitte will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws. See notices of various ban-the-box laws where available. Requisition code: E21NATFMGRLCL422-SGO * * * * * * Deloitte & Touche L.L.P. Atlanta GA

Cyber Risk And Incident Response Manager