Cyber Risk And Incident Response Manager

Zoom Atlanta, GA 30301

Posted 2 months ago

Zoom is an award-winning workplace. We have been recognized by Comparably as #1 CEO, Company Happiness, Benefits, Compensation, Diversity, and more! Not to mention we've been awarded by Glassdoor as the 2nd Best US workplace & Best Large Company US CEO in 2018, Wealthfront, and Business Insider. Our culture focuses on delivering happiness, our commitment to transparency, and the tangible benefits we provide our employees and our customers.

The Cyber Risk and Incident Response Manager is responsible for managing Zoom's Incident Response and Risk Register within Zoom's Governance, Risk and Compliance (GRC) Technology platform(s). This individual will be a subject matter expert in incident response (IR) and the risk registry, with a focus on creating and maintaining the incident response playbooks that would be invoked from Zoom's GRC platform.


Incident Response:

Utilizing the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guiding principle, this role would assure that Zoom has the appropriate systems and playbooks in place to establish:

  • The creation of an incident response policy and plan

  • The development of procedures for performing incident handling and reporting

  • Setting guidelines for communicating with outside parties regarding incidents

  • Determining the Zoom teams that would be involved with continuous IR planning, monitoring and resolutions

  • Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., security operations center, legal department)

  • Assist with determining what services the incident response team should provide

The Cyber Risk and Incident Response Manager will be responsible for creating Zoom's IR playbooks that would be used and implemented within Zoom to include:

  • Incident identification

  • Incident logging

  • Incident categorization

  • Incident prioritization

  • Incident response

  • Initial diagnosis

  • Incident escalation

  • Investigation and diagnosis

  • Resolution and recovery

  • Incident closure

Risk registry:

The Cyber Risk and Incident Response Manager will be responsible for the creation, maintenance and on-going monitoring of Zoom's Risk Register within the GRC environment.

  • Provide a centralized process to identify, assess, respond to, and continuously monitor Zoom's enterprise and platform risks that may negatively impact business operations.

  • Develop structured workflows for the management of risk assessments, risk indicators, and risk issues.

  • Utilizing the Zoom GRC platform, will create graphical interfaces to report out profile and risk dependencies.

  • Will create profile types to group common profiles with similar risks together for easier assessment.

  • Will create risk statements to define a set of potential risks that could occur across the organization.

  • Will assign risk statements to profile types, to generate risks from statements, or generate risks manually.

  • Assist with determining the appropriate risk response (for example, Accept, Avoid, Mitigate, or Transfer), and document the justification for the response.

  • Assign and complete Remediation Tasks to ensure that risk mitigation efforts are implemented.

  • Utilize the Governance, Risk, and Compliance (GRC) application to track risk mitigation efforts by relating a risk to controls or policies which mitigate the risk.

Required and Preferred Skills and Experience:

  • Education: Master's degree preferred

  • 10+ years of experience with both government & large service providers in cyber and incident/legal response matters

  • Experience handling cyber security relationships between the public and private sector.

  • Previous government related experience in Incident Response playbook creation

  • Experience managing a cyber security and defense team for a government cyber security program.

  • Direct experience in implementing NIST based incident response programs

  • Experience working with and coordinating with enterprise legal teams

  • Exceptional verbal and written communication skills, with mastery of the ability to tailor the context of the conversation to the audience

  • Experience with socializing incident response awareness campaigns

  • Ability to think outside the box and develop solutions to accomplish seemingly impossible tasks, while remaining risk and objective focused
